* [PULL 0/7] crypto asymmetric cipher patches
@ 2022-05-26 10:45 Daniel P. Berrangé
2022-05-26 10:45 ` [PULL 1/7] qapi: crypto-akcipher: Introduce akcipher types to qapi Daniel P. Berrangé
` (7 more replies)
0 siblings, 8 replies; 9+ messages in thread
From: Daniel P. Berrangé @ 2022-05-26 10:45 UTC (permalink / raw)
To: qemu-devel; +Cc: Daniel P. Berrangé, Markus Armbruster, Eric Blake
The following changes since commit 58b53669e87fed0d70903e05cd42079fbbdbc195:
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging (2022-05-25 13:46:29 -0700)
are available in the Git repository at:
https://gitlab.com/berrange/qemu tags/ak-pull-request
for you to fetch changes up to f0cfb761bc6e590d648b759e6bdb8c946062b5f5:
tests/crypto: Add test suite for RSA keys (2022-05-26 11:41:56 +0100)
----------------------------------------------------------------
Merge asymmetric cipher crypto support
This extends the internal crypto APIs to support the use of asymmetric
ciphers.
----------------------------------------------------------------
Lei He (6):
qapi: crypto-akcipher: Introduce akcipher types to qapi
crypto: add ASN.1 DER decoder
crypto: Implement RSA algorithm by hogweed
crypto: Implement RSA algorithm by gcrypt
test/crypto: Add test suite for crypto akcipher
tests/crypto: Add test suite for RSA keys
Zhenwei Pi (1):
crypto: Introduce akcipher crypto class
crypto/akcipher-gcrypt.c.inc | 595 ++++++++++++++
crypto/akcipher-nettle.c.inc | 451 +++++++++++
crypto/akcipher.c | 108 +++
crypto/akcipherpriv.h | 55 ++
crypto/der.c | 189 +++++
crypto/der.h | 81 ++
crypto/meson.build | 6 +
crypto/rsakey-builtin.c.inc | 200 +++++
crypto/rsakey-nettle.c.inc | 158 ++++
crypto/rsakey.c | 44 ++
crypto/rsakey.h | 92 +++
include/crypto/akcipher.h | 158 ++++
meson.build | 11 +
qapi/crypto.json | 64 ++
tests/bench/benchmark-crypto-akcipher.c | 137 ++++
tests/bench/meson.build | 1 +
tests/bench/test_akcipher_keys.inc | 537 +++++++++++++
tests/unit/meson.build | 2 +
tests/unit/test-crypto-akcipher.c | 990 ++++++++++++++++++++++++
tests/unit/test-crypto-der.c | 290 +++++++
20 files changed, 4169 insertions(+)
create mode 100644 crypto/akcipher-gcrypt.c.inc
create mode 100644 crypto/akcipher-nettle.c.inc
create mode 100644 crypto/akcipher.c
create mode 100644 crypto/akcipherpriv.h
create mode 100644 crypto/der.c
create mode 100644 crypto/der.h
create mode 100644 crypto/rsakey-builtin.c.inc
create mode 100644 crypto/rsakey-nettle.c.inc
create mode 100644 crypto/rsakey.c
create mode 100644 crypto/rsakey.h
create mode 100644 include/crypto/akcipher.h
create mode 100644 tests/bench/benchmark-crypto-akcipher.c
create mode 100644 tests/bench/test_akcipher_keys.inc
create mode 100644 tests/unit/test-crypto-akcipher.c
create mode 100644 tests/unit/test-crypto-der.c
--
2.36.1
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PULL 1/7] qapi: crypto-akcipher: Introduce akcipher types to qapi
2022-05-26 10:45 [PULL 0/7] crypto asymmetric cipher patches Daniel P. Berrangé
@ 2022-05-26 10:45 ` Daniel P. Berrangé
2022-05-26 10:45 ` [PULL 2/7] crypto: Introduce akcipher crypto class Daniel P. Berrangé
` (6 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Daniel P. Berrangé @ 2022-05-26 10:45 UTC (permalink / raw)
To: qemu-devel
Cc: Daniel P. Berrangé,
Markus Armbruster, Eric Blake, Lei He, zhenwei pi
From: Lei He <helei.sig11@bytedance.com>
Introduce akcipher types, also include RSA related types.
Signed-off-by: Lei He <helei.sig11@bytedance.com>
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
qapi/crypto.json | 64 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 64 insertions(+)
diff --git a/qapi/crypto.json b/qapi/crypto.json
index 15c24f0078..653e6e3f3d 100644
--- a/qapi/crypto.json
+++ b/qapi/crypto.json
@@ -534,3 +534,67 @@
'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] },
'*sanity-check': 'bool',
'*passwordid': 'str' } }
+##
+# @QCryptoAkCipherAlgorithm:
+#
+# The supported algorithms for asymmetric encryption ciphers
+#
+# @rsa: RSA algorithm
+#
+# Since: 7.1
+##
+{ 'enum': 'QCryptoAkCipherAlgorithm',
+ 'prefix': 'QCRYPTO_AKCIPHER_ALG',
+ 'data': ['rsa']}
+
+##
+# @QCryptoAkCipherKeyType:
+#
+# The type of asymmetric keys.
+#
+# Since: 7.1
+##
+{ 'enum': 'QCryptoAkCipherKeyType',
+ 'prefix': 'QCRYPTO_AKCIPHER_KEY_TYPE',
+ 'data': ['public', 'private']}
+
+##
+# @QCryptoRSAPaddingAlgorithm:
+#
+# The padding algorithm for RSA.
+#
+# @raw: no padding used
+# @pkcs1: pkcs1#v1.5
+#
+# Since: 7.1
+##
+{ 'enum': 'QCryptoRSAPaddingAlgorithm',
+ 'prefix': 'QCRYPTO_RSA_PADDING_ALG',
+ 'data': ['raw', 'pkcs1']}
+
+##
+# @QCryptoAkCipherOptionsRSA:
+#
+# Specific parameters for RSA algorithm.
+#
+# @hash-alg: QCryptoHashAlgorithm
+# @padding-alg: QCryptoRSAPaddingAlgorithm
+#
+# Since: 7.1
+##
+{ 'struct': 'QCryptoAkCipherOptionsRSA',
+ 'data': { 'hash-alg':'QCryptoHashAlgorithm',
+ 'padding-alg': 'QCryptoRSAPaddingAlgorithm'}}
+
+##
+# @QCryptoAkCipherOptions:
+#
+# The options that are available for all asymmetric key algorithms
+# when creating a new QCryptoAkCipher.
+#
+# Since: 7.1
+##
+{ 'union': 'QCryptoAkCipherOptions',
+ 'base': { 'alg': 'QCryptoAkCipherAlgorithm' },
+ 'discriminator': 'alg',
+ 'data': { 'rsa': 'QCryptoAkCipherOptionsRSA' }}
--
2.36.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PULL 2/7] crypto: Introduce akcipher crypto class
2022-05-26 10:45 [PULL 0/7] crypto asymmetric cipher patches Daniel P. Berrangé
2022-05-26 10:45 ` [PULL 1/7] qapi: crypto-akcipher: Introduce akcipher types to qapi Daniel P. Berrangé
@ 2022-05-26 10:45 ` Daniel P. Berrangé
2022-05-26 10:45 ` [PULL 3/7] crypto: add ASN.1 DER decoder Daniel P. Berrangé
` (5 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Daniel P. Berrangé @ 2022-05-26 10:45 UTC (permalink / raw)
To: qemu-devel
Cc: Daniel P. Berrangé,
Markus Armbruster, Eric Blake, zhenwei pi, lei he
From: zhenwei pi <pizhenwei@bytedance.com>
Introduce new akcipher crypto class 'QCryptoAkCIpher', which supports
basic asymmetric operations: encrypt, decrypt, sign and verify.
Suggested by Daniel P. Berrangé, also add autoptr cleanup for the new
class. Thanks to Daniel!
Co-developed-by: lei he <helei.sig11@bytedance.com>
Signed-off-by: lei he <helei.sig11@bytedance.com>
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
crypto/akcipher.c | 102 ++++++++++++++++++++++++
crypto/akcipherpriv.h | 55 +++++++++++++
crypto/meson.build | 1 +
include/crypto/akcipher.h | 158 ++++++++++++++++++++++++++++++++++++++
4 files changed, 316 insertions(+)
create mode 100644 crypto/akcipher.c
create mode 100644 crypto/akcipherpriv.h
create mode 100644 include/crypto/akcipher.h
diff --git a/crypto/akcipher.c b/crypto/akcipher.c
new file mode 100644
index 0000000000..ab28bf415b
--- /dev/null
+++ b/crypto/akcipher.c
@@ -0,0 +1,102 @@
+/*
+ * QEMU Crypto akcipher algorithms
+ *
+ * Copyright (c) 2022 Bytedance
+ * Author: zhenwei pi <pizhenwei@bytedance.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "crypto/akcipher.h"
+#include "akcipherpriv.h"
+
+QCryptoAkCipher *qcrypto_akcipher_new(const QCryptoAkCipherOptions *opts,
+ QCryptoAkCipherKeyType type,
+ const uint8_t *key, size_t keylen,
+ Error **errp)
+{
+ QCryptoAkCipher *akcipher = NULL;
+
+ return akcipher;
+}
+
+bool qcrypto_akcipher_supports(QCryptoAkCipherOptions *opts)
+{
+ return false;
+}
+
+int qcrypto_akcipher_encrypt(QCryptoAkCipher *akcipher,
+ const void *in, size_t in_len,
+ void *out, size_t out_len, Error **errp)
+{
+ const QCryptoAkCipherDriver *drv = akcipher->driver;
+
+ return drv->encrypt(akcipher, in, in_len, out, out_len, errp);
+}
+
+int qcrypto_akcipher_decrypt(QCryptoAkCipher *akcipher,
+ const void *in, size_t in_len,
+ void *out, size_t out_len, Error **errp)
+{
+ const QCryptoAkCipherDriver *drv = akcipher->driver;
+
+ return drv->decrypt(akcipher, in, in_len, out, out_len, errp);
+}
+
+int qcrypto_akcipher_sign(QCryptoAkCipher *akcipher,
+ const void *in, size_t in_len,
+ void *out, size_t out_len, Error **errp)
+{
+ const QCryptoAkCipherDriver *drv = akcipher->driver;
+
+ return drv->sign(akcipher, in, in_len, out, out_len, errp);
+}
+
+int qcrypto_akcipher_verify(QCryptoAkCipher *akcipher,
+ const void *in, size_t in_len,
+ const void *in2, size_t in2_len, Error **errp)
+{
+ const QCryptoAkCipherDriver *drv = akcipher->driver;
+
+ return drv->verify(akcipher, in, in_len, in2, in2_len, errp);
+}
+
+int qcrypto_akcipher_max_plaintext_len(QCryptoAkCipher *akcipher)
+{
+ return akcipher->max_plaintext_len;
+}
+
+int qcrypto_akcipher_max_ciphertext_len(QCryptoAkCipher *akcipher)
+{
+ return akcipher->max_ciphertext_len;
+}
+
+int qcrypto_akcipher_max_signature_len(QCryptoAkCipher *akcipher)
+{
+ return akcipher->max_signature_len;
+}
+
+int qcrypto_akcipher_max_dgst_len(QCryptoAkCipher *akcipher)
+{
+ return akcipher->max_dgst_len;
+}
+
+void qcrypto_akcipher_free(QCryptoAkCipher *akcipher)
+{
+ const QCryptoAkCipherDriver *drv = akcipher->driver;
+
+ drv->free(akcipher);
+}
diff --git a/crypto/akcipherpriv.h b/crypto/akcipherpriv.h
new file mode 100644
index 0000000000..739f639bcf
--- /dev/null
+++ b/crypto/akcipherpriv.h
@@ -0,0 +1,55 @@
+/*
+ * QEMU Crypto asymmetric algorithms
+ *
+ * Copyright (c) 2022 Bytedance
+ * Author: zhenwei pi <pizhenwei@bytedance.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifndef QCRYPTO_AKCIPHERPRIV_H
+#define QCRYPTO_AKCIPHERPRIV_H
+
+#include "qapi/qapi-types-crypto.h"
+
+typedef struct QCryptoAkCipherDriver QCryptoAkCipherDriver;
+
+struct QCryptoAkCipher {
+ QCryptoAkCipherAlgorithm alg;
+ QCryptoAkCipherKeyType type;
+ int max_plaintext_len;
+ int max_ciphertext_len;
+ int max_signature_len;
+ int max_dgst_len;
+ QCryptoAkCipherDriver *driver;
+};
+
+struct QCryptoAkCipherDriver {
+ int (*encrypt)(QCryptoAkCipher *akcipher,
+ const void *in, size_t in_len,
+ void *out, size_t out_len, Error **errp);
+ int (*decrypt)(QCryptoAkCipher *akcipher,
+ const void *out, size_t out_len,
+ void *in, size_t in_len, Error **errp);
+ int (*sign)(QCryptoAkCipher *akcipher,
+ const void *in, size_t in_len,
+ void *out, size_t out_len, Error **errp);
+ int (*verify)(QCryptoAkCipher *akcipher,
+ const void *in, size_t in_len,
+ const void *in2, size_t in2_len, Error **errp);
+ void (*free)(QCryptoAkCipher *akcipher);
+};
+
+#endif /* QCRYPTO_AKCIPHER_H */
diff --git a/crypto/meson.build b/crypto/meson.build
index 685fb37097..313f935f27 100644
--- a/crypto/meson.build
+++ b/crypto/meson.build
@@ -1,6 +1,7 @@
crypto_ss.add(genh)
crypto_ss.add(files(
'afsplit.c',
+ 'akcipher.c',
'block-luks.c',
'block-qcow.c',
'block.c',
diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
new file mode 100644
index 0000000000..51f5fa2774
--- /dev/null
+++ b/include/crypto/akcipher.h
@@ -0,0 +1,158 @@
+/*
+ * QEMU Crypto asymmetric algorithms
+ *
+ * Copyright (c) 2022 Bytedance
+ * Author: zhenwei pi <pizhenwei@bytedance.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifndef QCRYPTO_AKCIPHER_H
+#define QCRYPTO_AKCIPHER_H
+
+#include "qapi/qapi-types-crypto.h"
+
+typedef struct QCryptoAkCipher QCryptoAkCipher;
+
+/**
+ * qcrypto_akcipher_supports:
+ * @opts: the asymmetric key algorithm and related options
+ *
+ * Determine if asymmetric key cipher decribed with @opts is
+ * supported by the current configured build
+ *
+ * Returns: true if it is supported, false otherwise.
+ */
+bool qcrypto_akcipher_supports(QCryptoAkCipherOptions *opts);
+
+/**
+ * qcrypto_akcipher_new:
+ * @opts: specify the algorithm and the related arguments
+ * @type: private or public key type
+ * @key: buffer to store the key
+ * @key_len: the length of key buffer
+ * @errp: error pointer
+ *
+ * Create akcipher context
+ *
+ * Returns: On success, a new QCryptoAkCipher initialized with @opt
+ * is created and returned, otherwise NULL is returned.
+ */
+
+QCryptoAkCipher *qcrypto_akcipher_new(const QCryptoAkCipherOptions *opts,
+ QCryptoAkCipherKeyType type,
+ const uint8_t *key, size_t key_len,
+ Error **errp);
+
+/**
+ * qcrypto_akcipher_encrypt:
+ * @akcipher: akcipher context
+ * @in: plaintext pending to be encrypted
+ * @in_len: length of plaintext, less or equal to the size reported
+ * by a call to qcrypto_akcipher_max_plaintext_len()
+ * @out: buffer to store the ciphertext
+ * @out_len: length of ciphertext, less or equal to the size reported
+ * by a call to qcrypto_akcipher_max_ciphertext_len()
+ * @errp: error pointer
+ *
+ * Encrypt @in and write ciphertext into @out
+ *
+ * Returns: length of ciphertext if encrypt succeed,
+ * otherwise -1 is returned
+ */
+int qcrypto_akcipher_encrypt(QCryptoAkCipher *akcipher,
+ const void *in, size_t in_len,
+ void *out, size_t out_len, Error **errp);
+
+/**
+ * qcrypto_akcipher_decrypt:
+ * @akcipher: akcipher context
+ * @in: ciphertext to be decrypted
+ * @in_len: the length of ciphertext, less or equal to the size reported
+ * by a call to qcrypto_akcipher_max_ciphertext_len()
+ * @out: buffer to store the plaintext
+ * @out_len: length of the plaintext buffer, less or equal to the size
+ * reported by a call to qcrypto_akcipher_max_plaintext_len()
+ * @errp: error pointer
+ *
+ * Decrypt @in and write plaintext into @out
+ *
+ * Returns: length of plaintext if decrypt succeed,
+ * otherwise -1 is returned
+ */
+int qcrypto_akcipher_decrypt(QCryptoAkCipher *akcipher,
+ const void *in, size_t in_len,
+ void *out, size_t out_len, Error **errp);
+
+/**
+ * qcrypto_akcipher_sign:
+ * @akcipher: akcipher context
+ * @in: data to be signed
+ * @in_len: the length of data, less or equal to the size reported
+ * by a call to qcrypto_akcipher_max_dgst_len()
+ * @out: buffer to store the signature
+ * @out_len: length of the signature buffer, less or equal to the size
+ * by a call to qcrypto_akcipher_max_signature_len()
+ * @errp: error pointer
+ *
+ * Generate signature for @in, write into @out
+ *
+ * Returns: length of signature if succeed,
+ * otherwise -1 is returned
+ */
+int qcrypto_akcipher_sign(QCryptoAkCipher *akcipher,
+ const void *in, size_t in_len,
+ void *out, size_t out_len, Error **errp);
+
+/**
+ * qcrypto_akcipher_verify:
+ * @akcipher: akcipher context
+ * @in: pointer to the signature
+ * @in_len: length of signature, ess or equal to the size reported
+ * by a call to qcrypto_akcipher_max_signature_len()
+ * @in2: pointer to original data
+ * @in2_len: the length of original data, less or equal to the size
+ * by a call to qcrypto_akcipher_max_dgst_len()
+ * @errp: error pointer
+ *
+ * Verify @in and @in2 match or not
+ *
+ * Returns: 0 for succeed,
+ * otherwise -1 is returned
+ */
+int qcrypto_akcipher_verify(QCryptoAkCipher *akcipher,
+ const void *in, size_t in_len,
+ const void *in2, size_t in2_len, Error **errp);
+
+int qcrypto_akcipher_max_plaintext_len(QCryptoAkCipher *akcipher);
+
+int qcrypto_akcipher_max_ciphertext_len(QCryptoAkCipher *akcipher);
+
+int qcrypto_akcipher_max_signature_len(QCryptoAkCipher *akcipher);
+
+int qcrypto_akcipher_max_dgst_len(QCryptoAkCipher *akcipher);
+
+/**
+ * qcrypto_akcipher_free:
+ * @akcipher: akcipher context
+ *
+ * Free the akcipher context
+ *
+ */
+void qcrypto_akcipher_free(QCryptoAkCipher *akcipher);
+
+G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoAkCipher, qcrypto_akcipher_free)
+
+#endif /* QCRYPTO_AKCIPHER_H */
--
2.36.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PULL 3/7] crypto: add ASN.1 DER decoder
2022-05-26 10:45 [PULL 0/7] crypto asymmetric cipher patches Daniel P. Berrangé
2022-05-26 10:45 ` [PULL 1/7] qapi: crypto-akcipher: Introduce akcipher types to qapi Daniel P. Berrangé
2022-05-26 10:45 ` [PULL 2/7] crypto: Introduce akcipher crypto class Daniel P. Berrangé
@ 2022-05-26 10:45 ` Daniel P. Berrangé
2022-05-26 10:45 ` [PULL 4/7] crypto: Implement RSA algorithm by hogweed Daniel P. Berrangé
` (4 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Daniel P. Berrangé @ 2022-05-26 10:45 UTC (permalink / raw)
To: qemu-devel
Cc: Daniel P. Berrangé,
Markus Armbruster, Eric Blake, Lei He, zhenwei pi
From: Lei He <helei.sig11@bytedance.com>
Add an ANS.1 DER decoder which is used to parse asymmetric
cipher keys
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: lei he <helei.sig11@bytedance.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
crypto/der.c | 189 +++++++++++++++++++++++
crypto/der.h | 81 ++++++++++
crypto/meson.build | 1 +
tests/unit/meson.build | 1 +
tests/unit/test-crypto-der.c | 290 +++++++++++++++++++++++++++++++++++
5 files changed, 562 insertions(+)
create mode 100644 crypto/der.c
create mode 100644 crypto/der.h
create mode 100644 tests/unit/test-crypto-der.c
diff --git a/crypto/der.c b/crypto/der.c
new file mode 100644
index 0000000000..f877390bbb
--- /dev/null
+++ b/crypto/der.c
@@ -0,0 +1,189 @@
+/*
+ * QEMU Crypto ASN.1 DER decoder
+ *
+ * Copyright (c) 2022 Bytedance
+ * Author: lei he <helei.sig11@bytedance.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "crypto/der.h"
+
+enum QCryptoDERTypeTag {
+ QCRYPTO_DER_TYPE_TAG_BOOL = 0x1,
+ QCRYPTO_DER_TYPE_TAG_INT = 0x2,
+ QCRYPTO_DER_TYPE_TAG_BIT_STR = 0x3,
+ QCRYPTO_DER_TYPE_TAG_OCT_STR = 0x4,
+ QCRYPTO_DER_TYPE_TAG_OCT_NULL = 0x5,
+ QCRYPTO_DER_TYPE_TAG_OCT_OID = 0x6,
+ QCRYPTO_DER_TYPE_TAG_SEQ = 0x10,
+ QCRYPTO_DER_TYPE_TAG_SET = 0x11,
+};
+
+#define QCRYPTO_DER_CONSTRUCTED_MASK 0x20
+#define QCRYPTO_DER_SHORT_LEN_MASK 0x80
+
+static uint8_t qcrypto_der_peek_byte(const uint8_t **data, size_t *dlen)
+{
+ return **data;
+}
+
+static void qcrypto_der_cut_nbytes(const uint8_t **data,
+ size_t *dlen,
+ size_t nbytes)
+{
+ *data += nbytes;
+ *dlen -= nbytes;
+}
+
+static uint8_t qcrypto_der_cut_byte(const uint8_t **data, size_t *dlen)
+{
+ uint8_t val = qcrypto_der_peek_byte(data, dlen);
+
+ qcrypto_der_cut_nbytes(data, dlen, 1);
+
+ return val;
+}
+
+static int qcrypto_der_invoke_callback(QCryptoDERDecodeCb cb, void *ctx,
+ const uint8_t *value, size_t vlen,
+ Error **errp)
+{
+ if (!cb) {
+ return 0;
+ }
+
+ return cb(ctx, value, vlen, errp);
+}
+
+static int qcrypto_der_extract_definite_data(const uint8_t **data, size_t *dlen,
+ QCryptoDERDecodeCb cb, void *ctx,
+ Error **errp)
+{
+ const uint8_t *value;
+ size_t vlen = 0;
+ uint8_t byte_count = qcrypto_der_cut_byte(data, dlen);
+
+ /* short format of definite-length */
+ if (!(byte_count & QCRYPTO_DER_SHORT_LEN_MASK)) {
+ if (byte_count > *dlen) {
+ error_setg(errp, "Invalid content length: %u", byte_count);
+ return -1;
+ }
+
+ value = *data;
+ vlen = byte_count;
+ qcrypto_der_cut_nbytes(data, dlen, vlen);
+
+ if (qcrypto_der_invoke_callback(cb, ctx, value, vlen, errp) != 0) {
+ return -1;
+ }
+ return vlen;
+ }
+
+ /* Ignore highest bit */
+ byte_count &= ~QCRYPTO_DER_SHORT_LEN_MASK;
+
+ /*
+ * size_t is enough to store the value of length, although the DER
+ * encoding standard supports larger length.
+ */
+ if (byte_count > sizeof(size_t)) {
+ error_setg(errp, "Invalid byte count of content length: %u",
+ byte_count);
+ return -1;
+ }
+
+ if (byte_count > *dlen) {
+ error_setg(errp, "Invalid content length: %u", byte_count);
+ return -1;
+ }
+ while (byte_count--) {
+ vlen <<= 8;
+ vlen += qcrypto_der_cut_byte(data, dlen);
+ }
+
+ if (vlen > *dlen) {
+ error_setg(errp, "Invalid content length: %zu", vlen);
+ return -1;
+ }
+
+ value = *data;
+ qcrypto_der_cut_nbytes(data, dlen, vlen);
+
+ if (qcrypto_der_invoke_callback(cb, ctx, value, vlen, errp) != 0) {
+ return -1;
+ }
+ return vlen;
+}
+
+static int qcrypto_der_extract_data(const uint8_t **data, size_t *dlen,
+ QCryptoDERDecodeCb cb, void *ctx,
+ Error **errp)
+{
+ uint8_t val;
+ if (*dlen < 1) {
+ error_setg(errp, "Need more data");
+ return -1;
+ }
+ val = qcrypto_der_peek_byte(data, dlen);
+
+ /* must use definite length format */
+ if (val == QCRYPTO_DER_SHORT_LEN_MASK) {
+ error_setg(errp, "Only definite length format is allowed");
+ return -1;
+ }
+
+ return qcrypto_der_extract_definite_data(data, dlen, cb, ctx, errp);
+}
+
+int qcrypto_der_decode_int(const uint8_t **data, size_t *dlen,
+ QCryptoDERDecodeCb cb, void *ctx, Error **errp)
+{
+ uint8_t tag;
+ if (*dlen < 1) {
+ error_setg(errp, "Need more data");
+ return -1;
+ }
+ tag = qcrypto_der_cut_byte(data, dlen);
+
+ /* INTEGER must encoded in primitive-form */
+ if (tag != QCRYPTO_DER_TYPE_TAG_INT) {
+ error_setg(errp, "Invalid integer type tag: %u", tag);
+ return -1;
+ }
+
+ return qcrypto_der_extract_data(data, dlen, cb, ctx, errp);
+}
+
+int qcrypto_der_decode_seq(const uint8_t **data, size_t *dlen,
+ QCryptoDERDecodeCb cb, void *ctx, Error **errp)
+{
+ uint8_t tag;
+ if (*dlen < 1) {
+ error_setg(errp, "Need more data");
+ return -1;
+ }
+ tag = qcrypto_der_cut_byte(data, dlen);
+
+ /* SEQUENCE must use constructed form */
+ if (tag != (QCRYPTO_DER_TYPE_TAG_SEQ | QCRYPTO_DER_CONSTRUCTED_MASK)) {
+ error_setg(errp, "Invalid type sequence tag: %u", tag);
+ return -1;
+ }
+
+ return qcrypto_der_extract_data(data, dlen, cb, ctx, errp);
+}
diff --git a/crypto/der.h b/crypto/der.h
new file mode 100644
index 0000000000..e3d3aeacdc
--- /dev/null
+++ b/crypto/der.h
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 2022 Bytedance
+ * Author: lei he <helei.sig11@bytedance.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifndef QCRYPTO_ASN1_DECODER_H
+#define QCRYPTO_ASN1_DECODER_H
+
+#include "qapi/error.h"
+
+/* Simple decoder used to parse DER encoded rsa keys. */
+
+/**
+ * @opaque: user context.
+ * @value: the starting address of |value| part of 'Tag-Length-Value' pattern.
+ * @vlen: length of the |value|.
+ * Returns: 0 for success, any other value is considered an error.
+ */
+typedef int (*QCryptoDERDecodeCb) (void *opaque, const uint8_t *value,
+ size_t vlen, Error **errp);
+
+/**
+ * qcrypto_der_decode_int:
+ * @data: pointer to address of input data
+ * @dlen: pointer to length of input data
+ * @cb: callback invoked when decode succeed, if cb equals NULL, no
+ * callback will be invoked
+ * @opaque: parameter passed to cb
+ *
+ * Decode integer from DER-encoded data.
+ *
+ * Returns: On success, *data points to rest data, and *dlen
+ * will be set to the rest length of data, if cb is not NULL, must
+ * return 0 to make decode success, at last, the length of the data
+ * part of the decoded INTEGER will be returned. Otherwise, -1 is
+ * returned.
+ */
+int qcrypto_der_decode_int(const uint8_t **data,
+ size_t *dlen,
+ QCryptoDERDecodeCb cb,
+ void *opaque,
+ Error **errp);
+
+/**
+ * qcrypto_der_decode_seq:
+ *
+ * Decode sequence from DER-encoded data, similar with der_decode_int.
+ *
+ * @data: pointer to address of input data
+ * @dlen: pointer to length of input data
+ * @cb: callback invoked when decode succeed, if cb equals NULL, no
+ * callback will be invoked
+ * @opaque: parameter passed to cb
+ *
+ * Returns: On success, *data points to rest data, and *dlen
+ * will be set to the rest length of data, if cb is not NULL, must
+ * return 0 to make decode success, at last, the length of the data
+ * part of the decoded SEQUENCE will be returned. Otherwise, -1 is
+ * returned.
+ */
+int qcrypto_der_decode_seq(const uint8_t **data,
+ size_t *dlen,
+ QCryptoDERDecodeCb cb,
+ void *opaque,
+ Error **errp);
+
+#endif /* QCRYPTO_ASN1_DECODER_H */
diff --git a/crypto/meson.build b/crypto/meson.build
index 313f935f27..b8152ae7cb 100644
--- a/crypto/meson.build
+++ b/crypto/meson.build
@@ -6,6 +6,7 @@ crypto_ss.add(files(
'block-qcow.c',
'block.c',
'cipher.c',
+ 'der.c',
'hash.c',
'hmac.c',
'ivgen-essiv.c',
diff --git a/tests/unit/meson.build b/tests/unit/meson.build
index 264f2bc0c8..5a7993e56c 100644
--- a/tests/unit/meson.build
+++ b/tests/unit/meson.build
@@ -78,6 +78,7 @@ if have_block
'test-crypto-hmac': [crypto],
'test-crypto-cipher': [crypto],
'test-crypto-secret': [crypto, keyutils],
+ 'test-crypto-der': [crypto],
'test-authz-simple': [authz],
'test-authz-list': [authz],
'test-authz-listfile': [authz],
diff --git a/tests/unit/test-crypto-der.c b/tests/unit/test-crypto-der.c
new file mode 100644
index 0000000000..aed0f28d68
--- /dev/null
+++ b/tests/unit/test-crypto-der.c
@@ -0,0 +1,290 @@
+/*
+ * QEMU Crypto akcipher algorithms
+ *
+ * Copyright (c) 2022 Bytedance
+ * Author: lei he <helei@bytedance.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "crypto/der.h"
+
+/* rsa(512) private key, generated by openssl */
+static const uint8_t test_rsa512_priv_key[] =
+ "\x30\x82\x01\x39" /* SEQUENCE, offset: 0, length: 313 */
+ "\x02\x01\x00" /* INTEGER, offset: 4, length: 1 */
+ "\x02\x41" /* INTEGER, offset: 7, length: 65 */
+ "\x00\xb9\xe1\x22\xdb\x56\x2f\xb6\xf7\xf0\x0a\x87\x43\x07\x12\xdb"
+ "\x6d\xb6\x2b\x41\x8d\x2c\x3c\xa5\xdd\x78\x9a\x8f\xab\x8e\xf2\x4a"
+ "\xc8\x34\x0c\x12\x4f\x11\x90\xc6\xc2\xa5\xd0\xcd\xfb\xfc\x2c\x95"
+ "\x56\x82\xdf\x39\xf3\x3b\x1d\x62\x26\x97\xb7\x93\x25\xc7\xec\x7e"
+ "\xf7"
+ "\x02\x03\x01\x00\x01" /* INTEGER, offset: 74, length: 3 */
+ "\x02\x40" /* INTEGER, offset: 79, length: 64 */
+ "\x1e\x80\xfe\xda\x65\xdb\x70\xb8\x61\x91\x28\xbf\x6c\x32\xc1\x05"
+ "\xd1\x26\x6a\x1c\x83\xcc\xf4\x1f\x53\x42\x72\x1f\x62\x57\x0a\xc4"
+ "\x66\x76\x30\x87\xb9\xb1\xb9\x6a\x63\xfd\x8f\x3e\xfc\x35\x3f\xd6"
+ "\x2e\x6c\xc8\x70\x8a\x17\xc1\x28\x6a\xfe\x51\x56\xb3\x92\x6f\x09"
+ "\x02\x21" /* INTEGER, offset: 145, length: 33 */
+ "\x00\xe3\x2e\x2d\x8d\xba\x1c\x34\x4c\x49\x9f\xc1\xa6\xdd\xd7\x13"
+ "\x8d\x05\x48\xdd\xff\x5c\x30\xbc\x6b\xc4\x18\x9d\xfc\xa2\xd0\x9b"
+ "\x4d"
+ "\x02\x21" /* INTEGER, offset: 180, length: 33 */
+ "\x00\xd1\x75\xaf\x4b\xc6\x1a\xb0\x98\x14\x42\xae\x33\xf3\x44\xde"
+ "\x21\xcb\x04\xda\xfb\x1e\x35\x92\xcd\x69\xc0\x83\x06\x83\x8e\x39"
+ "\x53"
+ "\x02\x20" /* INTEGER, offset: 215, length: 32 */
+ "\x68\x8d\x2a\xf7\xcb\xcc\x09\x21\x86\xcc\x98\x21\xc4\x7c\xa4\x09"
+ "\xc5\x81\xd8\x71\x1a\x2b\x6f\xbb\xa4\xde\xb3\x6e\xbe\x3b\x85\x0d"
+ "\x02\x20" /* INTEGER, offset: 249, length: 32 */
+ "\x64\x06\x0e\xef\xe0\x6a\x5e\x6a\x41\x42\x96\x6d\xb8\x7d\xea\x95"
+ "\xb8\x9d\x58\xf5\x12\x38\x03\x22\x94\x9d\x99\xf4\x42\x5e\x68\x81"
+ "\x02\x20" /* INTEGER, offset: 283, length: 32 */
+ "\x7f\x1d\x87\xe8\x55\x30\x75\xc7\x29\xec\xc9\x65\x76\x5a\x6a\xa3"
+ "\x4a\x6e\xe1\x26\x65\xd1\x76\xd5\xb9\xd1\x8b\xa8\x73\xe2\x6a\x9e";
+
+static const uint8_t test_rsa2048_priv_key[] =
+ "\x30\x82\x04\xa6" /* SEQUENCE, offset: 0, length 1190 */
+ "\x02\x01\x00" /* INTEGER, offset: 4, length: 1 */
+ "\x02\x82\x01\x01" /* INTEGER, offset: 7, length: 257 */
+ "\x00\xd1\x48\xc2\xc1\x1d\x4f\x94\xf2\xbb\x9b\xe2\x2d\xe1\xea\x4c"
+ "\xce\x41\x72\xe3\x41\x7e\x9d\x91\x85\xa3\x4e\xe1\x2c\xf6\x52\x6d"
+ "\xf9\x84\x64\xdf\x87\x28\x4a\xc9\x9d\x78\x93\x47\xc8\xd9\x66\x2e"
+ "\xf4\xc6\xf0\x32\x15\x1a\xe8\xaf\x5a\xca\x3a\xd3\x3e\xf6\xde\x86"
+ "\xdd\x9b\xa6\x4d\x74\x58\xf0\x11\x7f\x66\xd5\x1c\xd8\xde\xa3\xf8"
+ "\xa3\xfc\x33\x55\x89\xa9\xc3\xea\x5b\x2e\x31\x06\xf8\xcb\x9e\x6e"
+ "\xb2\x68\x0d\xe6\xc3\x5c\x2d\xf8\xa2\xbd\x00\x1a\xf6\xb6\xdd\x14"
+ "\x8d\x11\x6d\x2d\xc6\x0c\x09\xe6\xf6\xb9\x8b\x87\x4c\x9f\x4d\x63"
+ "\xd3\x94\xf4\x32\xca\xcf\x5e\xbf\xe2\x7f\x73\x5a\x65\xec\x82\x0d"
+ "\x7f\x30\x25\x03\xd4\x3a\xff\xa2\xe8\xd6\xb5\x1f\x4f\x36\x64\x61"
+ "\xc3\x5f\xb2\x9e\x0c\x53\x04\x19\x34\x99\xe8\xe3\xe6\xd3\x2f\x45"
+ "\x58\x8e\x5d\x54\x5a\xa0\xc0\x5e\x51\x9b\x22\x15\xec\x26\x6f\x72"
+ "\x68\xe9\xbf\x5d\x1d\xb5\xd9\xe4\x81\x1a\x92\x66\xa8\xcb\x73\x46"
+ "\xab\x96\x7b\xf8\x9c\xf5\xb5\x9e\x2b\x13\x71\xe0\x01\x0c\x59\x1b"
+ "\x63\x9f\xb7\xd1\xcd\x47\x8e\xc7\x3a\xbe\xcb\x47\xa7\x23\x43\xa7"
+ "\x7d\xbd\x2c\x4e\x22\x37\xcc\xf9\x1b\x1b\xbb\xed\xec\xf0\x47\x92"
+ "\x43"
+ "\x02\x03\x01\x00\x01" /* INTEGER, offset 268, length 3 */
+ "\x02\x82\x01\x01" /* INTEGER, offset 273, length 257 */
+ "\x00\x8d\x21\x97\x0c\x29\x9a\xf8\x23\xf4\x76\x3b\xc1\x9b\x3e\xa8"
+ "\x8a\xd2\xc2\x0a\x14\xa9\xb0\xd2\x68\x9f\x67\x5b\x1c\x3a\x03\xfe"
+ "\x5b\xac\x77\x65\xf1\xbc\x2f\x2a\xe5\x01\x61\xb8\x9f\xee\x53\x25"
+ "\x49\x36\x3a\xd6\x5b\x3b\x29\x3c\xcf\x69\xde\xdf\x83\xef\x70\xc2"
+ "\xdc\x00\xd1\xd6\x1b\xa6\xba\x45\xe2\x77\x53\x31\xbf\xe1\xec\x0b"
+ "\x89\x72\x52\x9f\xd5\x54\xe1\x64\x52\x16\xc5\x43\x21\x56\x16\xc2"
+ "\x29\x97\x58\x00\x8d\x2f\xc5\x64\x8d\x42\x0d\x27\x21\xc6\xd1\x31"
+ "\xc1\xab\xc5\xc7\x7f\x6d\xb0\xe3\xca\xef\xf6\xf2\xc7\xae\x09\xbf"
+ "\x4d\xc0\x4e\x90\x2c\x28\xb9\xcc\x22\x74\xf2\xd5\xff\x4d\x86\xf6"
+ "\xec\x45\x1f\xbf\x25\x4c\x30\x26\x76\x4f\x09\x13\x83\xef\x35\x73"
+ "\xa3\xa2\xb1\x40\xcf\x07\x7a\x83\xae\xea\x00\xea\x74\xc7\x54\x6a"
+ "\x88\x19\xed\x35\xd3\x7e\x5e\xac\x51\xc1\x1e\x5e\x2c\x57\x72\x20"
+ "\x10\x6a\x0c\x47\xe1\xf0\x36\x70\xd2\xa7\x57\x64\x47\x46\x9f\xca"
+ "\x23\x8a\x48\x50\x1d\x33\x6a\x86\x46\x69\xed\x54\x65\x6b\x9e\xab"
+ "\x1f\x84\x87\xf4\x92\x8a\x6c\x44\x20\xaa\x8d\xd8\x50\xde\x45\x74"
+ "\xe0\xa8\xc7\xb9\x38\x74\x24\x51\x33\xf0\x39\x54\x6c\x11\xae\xc2"
+ "\x29"
+ "\x02\x81\x81" /* INTEGER, offset 534, length 129 */
+ "\x00\xe8\x26\xd1\xf9\xa0\xd3\x0e\x3f\x2f\x89\x9b\x94\x16\x12\xd1"
+ "\xae\x3c\x53\x9c\xcf\xc6\xf7\x03\xf5\xdf\x39\xdc\x25\x5d\xcb\xb8"
+ "\xb9\x74\x3e\x3b\x36\xf6\xa0\x8d\xb1\x0e\xd8\xfe\x8c\xcd\x01\x13"
+ "\x77\x73\x08\x0f\x32\xbd\xe6\x95\xdc\xd0\x14\x7d\x44\xdc\x3e\xd9"
+ "\xaa\x8a\x32\xe6\x0e\x76\xb6\x05\xc5\x6b\x87\x78\x9a\x32\xe2\xf8"
+ "\x78\xba\x58\x75\x58\xd5\x26\x9d\x9a\x0f\xb6\xca\xb5\x27\xd8\x58"
+ "\xae\x3f\x49\x54\xd2\x2b\xac\x28\x39\x88\x31\x42\x12\x08\xea\x0b"
+ "\x39\x58\xae\xf3\x82\xa0\xe2\x75\x7c\x96\xa9\xb8\x57\x29\x6d\xd7"
+ "\x37"
+ "\x02\x81\x81" /* INTEGER, offset 666, length 129 */
+ "\x00\xe6\xc8\x91\x50\x49\x97\x56\x70\x6e\x25\xf5\x77\x25\xa5\x41"
+ "\xfe\xd7\x25\x1b\xc1\x4a\xff\x37\x44\x2b\x46\xa0\xdf\xe8\x02\x09"
+ "\xdd\xa8\x41\xa1\x12\x84\x3c\xf8\xc2\x13\x3e\xb8\x4b\x22\x01\xac"
+ "\xa6\x09\xb2\xe9\xcd\xc8\x51\xee\xde\xa3\x1e\x6b\xfe\xb1\xf8\xb6"
+ "\x9e\x48\x36\x62\x0b\x05\xfa\x38\xc1\x06\x04\x58\x95\x4d\x25\x13"
+ "\x6d\x0b\x12\x0b\xc9\x6d\x59\xfc\x33\x03\x36\x01\x12\x09\x72\x74"
+ "\x5e\x98\x65\x66\x2f\x3a\xde\xd8\xd4\xee\x6f\x82\xe6\x36\x49\x12"
+ "\x6a\x94\x28\xe9\x28\x9e\xef\x29\xdc\xdf\xab\x94\x65\x02\x4e\x4b"
+ "\x55"
+ "\x02\x81\x81" /* INTEGER, offset 798, length 129 */
+ "\x00\xc9\xda\xb7\x48\x6e\x66\x15\x45\x2b\x78\x63\x26\x67\xeb\x05"
+ "\x16\x92\xad\xc0\xf3\x88\xf4\xcf\x24\xc2\x6b\xf4\xd7\x28\xaf\x32"
+ "\x77\x4e\x73\xad\xd9\x24\xa8\x85\x8b\x26\x75\xd7\x1f\x66\x41\x41"
+ "\x43\xe3\x69\x66\x8d\xa0\x41\x16\x9d\x60\xef\xef\xdc\x28\x05\x1e"
+ "\x0e\x03\x0c\x2e\xac\xf4\xdb\x60\x39\x40\x3e\x12\xc7\x40\xe7\xc9"
+ "\x54\x6f\xf2\xea\x55\xcb\x40\x40\x58\xec\xc0\xeb\x90\x88\x8c\xbc"
+ "\xcf\x05\x88\x25\x90\x79\x18\xc0\x01\x06\x42\x8e\x48\x50\x27\xf0"
+ "\x8a\x74\x69\xea\xa1\xf2\x71\xf5\xe5\xd6\xba\xcb\xe6\x3d\xc7\x9c"
+ "\x11"
+ "\x02\x81\x81" /* INTEGER, offset 930, length 129 */
+ "\x00\xc9\xf5\x04\xad\x34\xe9\x39\xdc\x83\x97\xb6\x3a\x40\xf8\x60"
+ "\x4b\x69\xec\xf0\x5f\xf3\x88\x69\xcd\xbe\xed\x3c\xc5\x14\x5c\x0c"
+ "\x54\x2b\xf4\xda\xc6\xc0\x70\x36\xe4\x67\x41\x00\xb7\xc7\x17\x9e"
+ "\x05\x63\x01\x6d\x77\x06\x71\x24\xcf\x32\x01\xe2\x51\xed\x5e\x90"
+ "\x38\xed\x4a\xa1\xfb\xb1\x8c\x69\xf4\x08\x96\xef\x0a\x20\x8b\x6c"
+ "\x77\x85\x33\x92\x9a\xff\x95\xba\x8c\xcd\xa7\x89\xc2\x46\x00\x21"
+ "\xf3\xd1\xfb\x12\x34\x0c\x99\x8d\x38\xb1\x3b\x66\x5a\x9d\x70\xce"
+ "\xab\xf3\xe1\xe5\x40\x05\xed\x97\x3d\xd1\x82\x6e\x07\x02\xc0\x8f"
+ "\x4d"
+ "\x02\x81\x81" /* INTEGER, offset 1062, length 129 */
+ "\x00\xe4\x96\x79\xa8\x6a\x70\xdd\x67\x42\xff\x15\x11\x9e\x01\x71"
+ "\xac\xf1\x70\x7d\x87\xe2\x6e\x0c\x4d\xbb\x21\x15\xbb\xa7\x4e\x0c"
+ "\x09\x7e\x82\xca\x91\xbe\xd0\xdd\x9c\x8c\xb0\x77\x64\x30\x1b\x7e"
+ "\xbb\x69\xcb\x4c\xde\xd6\x6a\xb9\x72\x15\x79\xdc\x05\x99\x69\x8b"
+ "\x24\xa1\xad\x13\x35\x31\xc0\x0b\xf1\xd2\x06\x7c\x94\x1a\x21\x2f"
+ "\x02\xb9\xf0\xd0\xbb\xf7\xb7\x78\xf9\x3d\x76\x60\xd6\x6b\x5f\x35"
+ "\x88\x14\x33\xe6\xbc\xca\x6b\x88\x90\x57\x3b\x0c\xa3\x6e\x47\xdf"
+ "\x4e\x2f\x4c\xf9\xab\x97\x38\xe4\x20\x32\x32\x96\xc8\x9e\x79\xd3"
+ "\x12";
+
+#define MAX_CHECKER_COUNT 32
+
+typedef struct QCryptoAns1DecoderResultChecker QCryptoAns1DecoderResultChecker;
+struct QCryptoAns1DecoderResultChecker {
+ int (*action) (const uint8_t **data, size_t *dlen,
+ QCryptoDERDecodeCb cb, void *opaque, Error **errp);
+ QCryptoDERDecodeCb cb;
+ const uint8_t *exp_value;
+ size_t exp_vlen;
+};
+
+typedef struct QCryptoAns1DecoderTestData QCryptoAns1DecoderTestData;
+struct QCryptoAns1DecoderTestData {
+ const char *path;
+ const uint8_t *test_data;
+ size_t test_data_len;
+ QCryptoAns1DecoderResultChecker checker[MAX_CHECKER_COUNT];
+};
+
+typedef struct QCryptoAns1DecoderTestContext QCryptoAns1DecoderTestContext;
+struct QCryptoAns1DecoderTestContext {
+ const uint8_t *data;
+ size_t dlen;
+};
+
+static int checker_callback(void *opaque, const uint8_t *value,
+ size_t vlen, Error **errp)
+{
+ QCryptoAns1DecoderResultChecker *checker =
+ (QCryptoAns1DecoderResultChecker *)opaque;
+
+ g_assert(value == checker->exp_value);
+ g_assert(vlen == checker->exp_vlen);
+ return 0;
+}
+
+static void test_ans1(const void *opaque)
+{
+ const QCryptoAns1DecoderTestData *test_data =
+ (QCryptoAns1DecoderTestData *)opaque;
+ QCryptoAns1DecoderTestContext ctx[MAX_CHECKER_COUNT];
+ int seq_depth = 0, checker_idx = 0;
+ ctx[seq_depth].data = test_data->test_data;
+ ctx[seq_depth].dlen = test_data->test_data_len;
+ bool all_checker_completed = false;
+
+ do {
+ const QCryptoAns1DecoderResultChecker *checker =
+ &test_data->checker[checker_idx++];
+ QCryptoAns1DecoderTestContext *c = &ctx[seq_depth];
+ if (!checker->action) {
+ all_checker_completed = true;
+ break;
+ }
+ g_assert(checker->action(&c->data, &c->dlen, checker_callback,
+ (void *)checker, &error_abort)
+ == checker->exp_vlen);
+ if (checker->action == qcrypto_der_decode_seq) {
+ ++seq_depth;
+ ctx[seq_depth].data = checker->exp_value;
+ ctx[seq_depth].dlen = checker->exp_vlen;
+ }
+ while (seq_depth != 0 && ctx[seq_depth].dlen == 0) {
+ --seq_depth;
+ }
+
+ } while (true);
+ g_assert(seq_depth == 0);
+ g_assert(ctx[seq_depth].dlen == 0);
+ g_assert(all_checker_completed);
+}
+
+static QCryptoAns1DecoderTestData test_data[] = {
+{
+ .path = "/crypto/der/parse-rsa512-priv-key",
+ .test_data = test_rsa512_priv_key,
+ .test_data_len = sizeof(test_rsa512_priv_key) - 1,
+ .checker = {
+ { qcrypto_der_decode_seq, checker_callback,
+ test_rsa512_priv_key + 4, 313 },
+ { qcrypto_der_decode_int, checker_callback,
+ test_rsa512_priv_key + 4 + 2, 1 },
+ { qcrypto_der_decode_int, checker_callback,
+ test_rsa512_priv_key + 7 + 2, 65 },
+ { qcrypto_der_decode_int, checker_callback,
+ test_rsa512_priv_key + 74 + 2, 3 },
+ { qcrypto_der_decode_int, checker_callback,
+ test_rsa512_priv_key + 79 + 2, 64 },
+ { qcrypto_der_decode_int, checker_callback,
+ test_rsa512_priv_key + 145 + 2, 33 },
+ { qcrypto_der_decode_int, checker_callback,
+ test_rsa512_priv_key + 180 + 2, 33 },
+ { qcrypto_der_decode_int, checker_callback,
+ test_rsa512_priv_key + 215 + 2, 32 },
+ { qcrypto_der_decode_int, checker_callback,
+ test_rsa512_priv_key + 249 + 2, 32 },
+ { qcrypto_der_decode_int, checker_callback,
+ test_rsa512_priv_key + 283 + 2, 32 },
+ },
+},
+{
+ .path = "/crypto/der/parse-rsa2048-priv-key",
+ .test_data = test_rsa2048_priv_key,
+ .test_data_len = sizeof(test_rsa2048_priv_key) - 1,
+ .checker = {
+ { qcrypto_der_decode_seq, checker_callback,
+ test_rsa2048_priv_key + 4, 1190 },
+ { qcrypto_der_decode_int, checker_callback,
+ test_rsa2048_priv_key + 4 + 2, 1 },
+ { qcrypto_der_decode_int, checker_callback,
+ test_rsa2048_priv_key + 7 + 4, 257 },
+ { qcrypto_der_decode_int, checker_callback,
+ test_rsa2048_priv_key + 268 + 2, 3 },
+ { qcrypto_der_decode_int, checker_callback,
+ test_rsa2048_priv_key + 273 + 4, 257 },
+ { qcrypto_der_decode_int, checker_callback,
+ test_rsa2048_priv_key + 534 + 3, 129 },
+ { qcrypto_der_decode_int, checker_callback,
+ test_rsa2048_priv_key + 666 + 3, 129 },
+ { qcrypto_der_decode_int, checker_callback,
+ test_rsa2048_priv_key + 798 + 3, 129 },
+ { qcrypto_der_decode_int, checker_callback,
+ test_rsa2048_priv_key + 930 + 3, 129 },
+ { qcrypto_der_decode_int, checker_callback,
+ test_rsa2048_priv_key + 1062 + 3, 129 },
+ },
+},
+
+};
+
+int main(int argc, char **argv)
+{
+ size_t i;
+ g_test_init(&argc, &argv, NULL);
+
+ for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
+ g_test_add_data_func(test_data[i].path, &test_data[i], test_ans1);
+ }
+
+ return g_test_run();
+}
--
2.36.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PULL 4/7] crypto: Implement RSA algorithm by hogweed
2022-05-26 10:45 [PULL 0/7] crypto asymmetric cipher patches Daniel P. Berrangé
` (2 preceding siblings ...)
2022-05-26 10:45 ` [PULL 3/7] crypto: add ASN.1 DER decoder Daniel P. Berrangé
@ 2022-05-26 10:45 ` Daniel P. Berrangé
2022-05-26 10:45 ` [PULL 5/7] crypto: Implement RSA algorithm by gcrypt Daniel P. Berrangé
` (3 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Daniel P. Berrangé @ 2022-05-26 10:45 UTC (permalink / raw)
To: qemu-devel
Cc: Daniel P. Berrangé,
Markus Armbruster, Eric Blake, Lei He, zhenwei pi
From: Lei He <helei.sig11@bytedance.com>
Implement RSA algorithm by hogweed from nettle. Thus QEMU supports
a 'real' RSA backend to handle request from guest side. It's
important to test RSA offload case without OS & hardware requirement.
Signed-off-by: lei he <helei.sig11@bytedance.com>
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
crypto/akcipher-nettle.c.inc | 451 +++++++++++++++++++++++++++++++++++
crypto/akcipher.c | 4 +
crypto/meson.build | 4 +
crypto/rsakey-builtin.c.inc | 200 ++++++++++++++++
crypto/rsakey-nettle.c.inc | 158 ++++++++++++
crypto/rsakey.c | 44 ++++
crypto/rsakey.h | 92 +++++++
meson.build | 11 +
8 files changed, 964 insertions(+)
create mode 100644 crypto/akcipher-nettle.c.inc
create mode 100644 crypto/rsakey-builtin.c.inc
create mode 100644 crypto/rsakey-nettle.c.inc
create mode 100644 crypto/rsakey.c
create mode 100644 crypto/rsakey.h
diff --git a/crypto/akcipher-nettle.c.inc b/crypto/akcipher-nettle.c.inc
new file mode 100644
index 0000000000..a7c0c6a1ee
--- /dev/null
+++ b/crypto/akcipher-nettle.c.inc
@@ -0,0 +1,451 @@
+/*
+ * QEMU Crypto akcipher algorithms
+ *
+ * Copyright (c) 2022 Bytedance
+ * Author: lei he <helei.sig11@bytedance.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include <nettle/rsa.h>
+
+#include "qemu/osdep.h"
+#include "qemu/host-utils.h"
+#include "crypto/akcipher.h"
+#include "crypto/random.h"
+#include "qapi/error.h"
+#include "sysemu/cryptodev.h"
+#include "rsakey.h"
+
+typedef struct QCryptoNettleRSA {
+ QCryptoAkCipher akcipher;
+ struct rsa_public_key pub;
+ struct rsa_private_key priv;
+ QCryptoRSAPaddingAlgorithm padding_alg;
+ QCryptoHashAlgorithm hash_alg;
+} QCryptoNettleRSA;
+
+static void qcrypto_nettle_rsa_free(QCryptoAkCipher *akcipher)
+{
+ QCryptoNettleRSA *rsa = (QCryptoNettleRSA *)akcipher;
+ if (!rsa) {
+ return;
+ }
+
+ rsa_public_key_clear(&rsa->pub);
+ rsa_private_key_clear(&rsa->priv);
+ g_free(rsa);
+}
+
+static QCryptoAkCipher *qcrypto_nettle_rsa_new(
+ const QCryptoAkCipherOptionsRSA *opt,
+ QCryptoAkCipherKeyType type,
+ const uint8_t *key, size_t keylen,
+ Error **errp);
+
+QCryptoAkCipher *qcrypto_akcipher_new(const QCryptoAkCipherOptions *opts,
+ QCryptoAkCipherKeyType type,
+ const uint8_t *key, size_t keylen,
+ Error **errp)
+{
+ switch (opts->alg) {
+ case QCRYPTO_AKCIPHER_ALG_RSA:
+ return qcrypto_nettle_rsa_new(&opts->u.rsa, type, key, keylen, errp);
+
+ default:
+ error_setg(errp, "Unsupported algorithm: %u", opts->alg);
+ return NULL;
+ }
+
+ return NULL;
+}
+
+static void qcrypto_nettle_rsa_set_akcipher_size(QCryptoAkCipher *akcipher,
+ int key_size)
+{
+ akcipher->max_plaintext_len = key_size;
+ akcipher->max_ciphertext_len = key_size;
+ akcipher->max_signature_len = key_size;
+ akcipher->max_dgst_len = key_size;
+}
+
+static int qcrypt_nettle_parse_rsa_private_key(QCryptoNettleRSA *rsa,
+ const uint8_t *key,
+ size_t keylen,
+ Error **errp)
+{
+ g_autoptr(QCryptoAkCipherRSAKey) rsa_key = qcrypto_akcipher_rsakey_parse(
+ QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE, key, keylen, errp);
+
+ if (!rsa_key) {
+ return -1;
+ }
+
+ nettle_mpz_init_set_str_256_u(rsa->pub.n, rsa_key->n.len, rsa_key->n.data);
+ nettle_mpz_init_set_str_256_u(rsa->pub.e, rsa_key->e.len, rsa_key->e.data);
+ nettle_mpz_init_set_str_256_u(rsa->priv.d, rsa_key->d.len, rsa_key->d.data);
+ nettle_mpz_init_set_str_256_u(rsa->priv.p, rsa_key->p.len, rsa_key->p.data);
+ nettle_mpz_init_set_str_256_u(rsa->priv.q, rsa_key->q.len, rsa_key->q.data);
+ nettle_mpz_init_set_str_256_u(rsa->priv.a, rsa_key->dp.len,
+ rsa_key->dp.data);
+ nettle_mpz_init_set_str_256_u(rsa->priv.b, rsa_key->dq.len,
+ rsa_key->dq.data);
+ nettle_mpz_init_set_str_256_u(rsa->priv.c, rsa_key->u.len, rsa_key->u.data);
+
+ if (!rsa_public_key_prepare(&rsa->pub)) {
+ error_setg(errp, "Failed to check RSA key");
+ return -1;
+ }
+
+ /**
+ * Since in the kernel's unit test, the p, q, a, b, c of some
+ * private keys is 0, only the simplest length check is done here
+ */
+ if (rsa_key->p.len > 1 &&
+ rsa_key->q.len > 1 &&
+ rsa_key->dp.len > 1 &&
+ rsa_key->dq.len > 1 &&
+ rsa_key->u.len > 1) {
+ if (!rsa_private_key_prepare(&rsa->priv)) {
+ error_setg(errp, "Failed to check RSA key");
+ return -1;
+ }
+ } else {
+ rsa->priv.size = rsa->pub.size;
+ }
+ qcrypto_nettle_rsa_set_akcipher_size(
+ (QCryptoAkCipher *)rsa, rsa->priv.size);
+
+ return 0;
+}
+
+static int qcrypt_nettle_parse_rsa_public_key(QCryptoNettleRSA *rsa,
+ const uint8_t *key,
+ size_t keylen,
+ Error **errp)
+{
+ g_autoptr(QCryptoAkCipherRSAKey) rsa_key = qcrypto_akcipher_rsakey_parse(
+ QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC, key, keylen, errp);
+
+ if (!rsa_key) {
+ return -1;
+ }
+ nettle_mpz_init_set_str_256_u(rsa->pub.n, rsa_key->n.len, rsa_key->n.data);
+ nettle_mpz_init_set_str_256_u(rsa->pub.e, rsa_key->e.len, rsa_key->e.data);
+
+ if (!rsa_public_key_prepare(&rsa->pub)) {
+ error_setg(errp, "Failed to check RSA key");
+ return -1;
+ }
+ qcrypto_nettle_rsa_set_akcipher_size(
+ (QCryptoAkCipher *)rsa, rsa->pub.size);
+
+ return 0;
+}
+
+static void wrap_nettle_random_func(void *ctx, size_t len, uint8_t *out)
+{
+ qcrypto_random_bytes(out, len, &error_abort);
+}
+
+static int qcrypto_nettle_rsa_encrypt(QCryptoAkCipher *akcipher,
+ const void *data, size_t data_len,
+ void *enc, size_t enc_len,
+ Error **errp)
+{
+
+ QCryptoNettleRSA *rsa = (QCryptoNettleRSA *)akcipher;
+ mpz_t c;
+ int ret = -1;
+
+ if (data_len > rsa->pub.size) {
+ error_setg(errp, "Plaintext length %zu is greater than key size: %zu"
+ data_len, rsa->pub.size);
+ return ret;
+ }
+
+ if (enc_len < rsa->pub.size) {
+ error_setg(errp, "Ciphertext buffer length %zu is less than "
+ "key size: %zu", rsa->pub.size);
+ return ret;
+ }
+
+ /* Nettle do not support RSA encryption without any padding */
+ switch (rsa->padding_alg) {
+ case QCRYPTO_RSA_PADDING_ALG_RAW:
+ error_setg(errp, "RSA with raw padding is not supported");
+ break;
+
+ case QCRYPTO_RSA_PADDING_ALG_PKCS1:
+ mpz_init(c);
+ if (rsa_encrypt(&rsa->pub, NULL, wrap_nettle_random_func,
+ data_len, (uint8_t *)data, c) != 1) {
+ error_setg(errp, "Failed to encrypt");
+ } else {
+ nettle_mpz_get_str_256(enc_len, (uint8_t *)enc, c);
+ ret = nettle_mpz_sizeinbase_256_u(c);
+ }
+ mpz_clear(c);
+ break;
+
+ default:
+ error_setg(errp, "Unknown padding");
+ }
+
+ return ret;
+}
+
+static int qcrypto_nettle_rsa_decrypt(QCryptoAkCipher *akcipher,
+ const void *enc, size_t enc_len,
+ void *data, size_t data_len,
+ Error **errp)
+{
+ QCryptoNettleRSA *rsa = (QCryptoNettleRSA *)akcipher;
+ mpz_t c;
+ int ret = -1;
+
+ if (enc_len > rsa->priv.size) {
+ error_setg(errp, "Ciphertext length %zu is greater than key size: %zu",
+ rsa->priv.size);
+ return ret;
+ }
+
+ switch (rsa->padding_alg) {
+ case QCRYPTO_RSA_PADDING_ALG_RAW:
+ error_setg(errp, "RSA with raw padding is not supported");
+ break;
+
+ case QCRYPTO_RSA_PADDING_ALG_PKCS1:
+ nettle_mpz_init_set_str_256_u(c, enc_len, enc);
+ if (!rsa_decrypt(&rsa->priv, &data_len, (uint8_t *)data, c)) {
+ error_setg(errp, "Failed to decrypt");
+ } else {
+ ret = data_len;
+ }
+
+ mpz_clear(c);
+ break;
+
+ default:
+ error_setg(errp, "Unknown padding algorithm: %d", rsa->padding_alg);
+ }
+
+ return ret;
+}
+
+static int qcrypto_nettle_rsa_sign(QCryptoAkCipher *akcipher,
+ const void *data, size_t data_len,
+ void *sig, size_t sig_len, Error **errp)
+{
+ QCryptoNettleRSA *rsa = (QCryptoNettleRSA *)akcipher;
+ int ret = -1, rv;
+ mpz_t s;
+
+ /**
+ * The RSA algorithm cannot be used for signature/verification
+ * without padding.
+ */
+ if (rsa->padding_alg == QCRYPTO_RSA_PADDING_ALG_RAW) {
+ error_setg(errp, "Try to make signature without padding");
+ return ret;
+ }
+
+ if (data_len > rsa->priv.size) {
+ error_setg(errp, "Data length %zu is greater than key size: %zu",
+ rsa->priv.size);
+ return ret;
+ }
+
+ if (sig_len < rsa->priv.size) {
+ error_setg(errp, "Signature buffer length %zu is less than "
+ "key size: %zu", rsa->priv.size);
+ return ret;
+ }
+
+ mpz_init(s);
+ switch (rsa->hash_alg) {
+ case QCRYPTO_HASH_ALG_MD5:
+ rv = rsa_md5_sign_digest(&rsa->priv, data, s);
+ break;
+
+ case QCRYPTO_HASH_ALG_SHA1:
+ rv = rsa_sha1_sign_digest(&rsa->priv, data, s);
+ break;
+
+ case QCRYPTO_HASH_ALG_SHA256:
+ rv = rsa_sha256_sign_digest(&rsa->priv, data, s);
+ break;
+
+ case QCRYPTO_HASH_ALG_SHA512:
+ rv = rsa_sha512_sign_digest(&rsa->priv, data, s);
+ break;
+
+ default:
+ error_setg(errp, "Unknown hash algorithm: %d", rsa->hash_alg);
+ goto cleanup;
+ }
+
+ if (rv != 1) {
+ error_setg(errp, "Failed to make signature");
+ goto cleanup;
+ }
+ nettle_mpz_get_str_256(sig_len, (uint8_t *)sig, s);
+ ret = nettle_mpz_sizeinbase_256_u(s);
+
+cleanup:
+ mpz_clear(s);
+
+ return ret;
+}
+
+static int qcrypto_nettle_rsa_verify(QCryptoAkCipher *akcipher,
+ const void *sig, size_t sig_len,
+ const void *data, size_t data_len,
+ Error **errp)
+{
+ QCryptoNettleRSA *rsa = (QCryptoNettleRSA *)akcipher;
+
+ int ret = -1, rv;
+ mpz_t s;
+
+ /**
+ * The RSA algorithm cannot be used for signature/verification
+ * without padding.
+ */
+ if (rsa->padding_alg == QCRYPTO_RSA_PADDING_ALG_RAW) {
+ error_setg(errp, "Try to verify signature without padding");
+ return ret;
+ }
+ if (data_len > rsa->pub.size) {
+ error_setg(errp, "Data length %zu is greater than key size: %zu",
+ rsa->pub.size);
+ return ret;
+ }
+ if (sig_len < rsa->pub.size) {
+ error_setg(errp, "Signature length %zu is greater than key size: %zu",
+ rsa->pub.size);
+ return ret;
+ }
+
+ nettle_mpz_init_set_str_256_u(s, sig_len, sig);
+ switch (rsa->hash_alg) {
+ case QCRYPTO_HASH_ALG_MD5:
+ rv = rsa_md5_verify_digest(&rsa->pub, data, s);
+ break;
+
+ case QCRYPTO_HASH_ALG_SHA1:
+ rv = rsa_sha1_verify_digest(&rsa->pub, data, s);
+ break;
+
+ case QCRYPTO_HASH_ALG_SHA256:
+ rv = rsa_sha256_verify_digest(&rsa->pub, data, s);
+ break;
+
+ case QCRYPTO_HASH_ALG_SHA512:
+ rv = rsa_sha512_verify_digest(&rsa->pub, data, s);
+ break;
+
+ default:
+ error_setg(errp, "Unsupported hash algorithm: %d", rsa->hash_alg);
+ goto cleanup;
+ }
+
+ if (rv != 1) {
+ error_setg(errp, "Failed to verify signature");
+ goto cleanup;
+ }
+ ret = 0;
+
+cleanup:
+ mpz_clear(s);
+
+ return ret;
+}
+
+QCryptoAkCipherDriver nettle_rsa = {
+ .encrypt = qcrypto_nettle_rsa_encrypt,
+ .decrypt = qcrypto_nettle_rsa_decrypt,
+ .sign = qcrypto_nettle_rsa_sign,
+ .verify = qcrypto_nettle_rsa_verify,
+ .free = qcrypto_nettle_rsa_free,
+};
+
+static QCryptoAkCipher *qcrypto_nettle_rsa_new(
+ const QCryptoAkCipherOptionsRSA *opt,
+ QCryptoAkCipherKeyType type,
+ const uint8_t *key, size_t keylen,
+ Error **errp)
+{
+ QCryptoNettleRSA *rsa = g_new0(QCryptoNettleRSA, 1);
+
+ rsa->padding_alg = opt->padding_alg;
+ rsa->hash_alg = opt->hash_alg;
+ rsa->akcipher.driver = &nettle_rsa;
+ rsa_public_key_init(&rsa->pub);
+ rsa_private_key_init(&rsa->priv);
+
+ switch (type) {
+ case QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE:
+ if (qcrypt_nettle_parse_rsa_private_key(rsa, key, keylen, errp) != 0) {
+ goto error;
+ }
+ break;
+
+ case QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC:
+ if (qcrypt_nettle_parse_rsa_public_key(rsa, key, keylen, errp) != 0) {
+ goto error;
+ }
+ break;
+
+ default:
+ error_setg(errp, "Unknown akcipher key type %d", type);
+ goto error;
+ }
+
+ return (QCryptoAkCipher *)rsa;
+
+error:
+ qcrypto_nettle_rsa_free((QCryptoAkCipher *)rsa);
+ return NULL;
+}
+
+
+bool qcrypto_akcipher_supports(QCryptoAkCipherOptions *opts)
+{
+ switch (opts->alg) {
+ case QCRYPTO_AKCIPHER_ALG_RSA:
+ switch (opts->u.rsa.padding_alg) {
+ case QCRYPTO_RSA_PADDING_ALG_PKCS1:
+ switch (opts->u.rsa.hash_alg) {
+ case QCRYPTO_HASH_ALG_MD5:
+ case QCRYPTO_HASH_ALG_SHA1:
+ case QCRYPTO_HASH_ALG_SHA256:
+ case QCRYPTO_HASH_ALG_SHA512:
+ return true;
+
+ default:
+ return false;
+ }
+
+ case QCRYPTO_RSA_PADDING_ALG_RAW:
+ default:
+ return false;
+ }
+ break;
+
+ default:
+ return false;
+ }
+}
diff --git a/crypto/akcipher.c b/crypto/akcipher.c
index ab28bf415b..f287083f92 100644
--- a/crypto/akcipher.c
+++ b/crypto/akcipher.c
@@ -23,6 +23,9 @@
#include "crypto/akcipher.h"
#include "akcipherpriv.h"
+#if defined(CONFIG_NETTLE) && defined(CONFIG_HOGWEED)
+#include "akcipher-nettle.c.inc"
+#else
QCryptoAkCipher *qcrypto_akcipher_new(const QCryptoAkCipherOptions *opts,
QCryptoAkCipherKeyType type,
const uint8_t *key, size_t keylen,
@@ -37,6 +40,7 @@ bool qcrypto_akcipher_supports(QCryptoAkCipherOptions *opts)
{
return false;
}
+#endif
int qcrypto_akcipher_encrypt(QCryptoAkCipher *akcipher,
const void *in, size_t in_len,
diff --git a/crypto/meson.build b/crypto/meson.build
index b8152ae7cb..5f03a30d34 100644
--- a/crypto/meson.build
+++ b/crypto/meson.build
@@ -21,10 +21,14 @@ crypto_ss.add(files(
'tlscredspsk.c',
'tlscredsx509.c',
'tlssession.c',
+ 'rsakey.c',
))
if nettle.found()
crypto_ss.add(nettle, files('hash-nettle.c', 'hmac-nettle.c', 'pbkdf-nettle.c'))
+ if hogweed.found()
+ crypto_ss.add(gmp, hogweed)
+ endif
if xts == 'private'
crypto_ss.add(files('xts.c'))
endif
diff --git a/crypto/rsakey-builtin.c.inc b/crypto/rsakey-builtin.c.inc
new file mode 100644
index 0000000000..aeeacc8f9b
--- /dev/null
+++ b/crypto/rsakey-builtin.c.inc
@@ -0,0 +1,200 @@
+/*
+ * QEMU Crypto akcipher algorithms
+ *
+ * Copyright (c) 2022 Bytedance
+ * Author: lei he <helei.sig11@bytedance.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "der.h"
+#include "rsakey.h"
+
+static int extract_mpi(void *ctx, const uint8_t *value,
+ size_t vlen, Error **errp)
+{
+ QCryptoAkCipherMPI *mpi = (QCryptoAkCipherMPI *)ctx;
+ if (vlen == 0) {
+ error_setg(errp, "Empty mpi field");
+ return -1;
+ }
+ mpi->data = g_memdup2(value, vlen);
+ mpi->len = vlen;
+ return 0;
+}
+
+static int extract_version(void *ctx, const uint8_t *value,
+ size_t vlen, Error **errp)
+{
+ uint8_t *version = (uint8_t *)ctx;
+ if (vlen != 1 || *value > 1) {
+ error_setg(errp, "Invalid rsakey version");
+ return -1;
+ }
+ *version = *value;
+ return 0;
+}
+
+static int extract_seq_content(void *ctx, const uint8_t *value,
+ size_t vlen, Error **errp)
+{
+ const uint8_t **content = (const uint8_t **)ctx;
+ if (vlen == 0) {
+ error_setg(errp, "Empty sequence");
+ return -1;
+ }
+ *content = value;
+ return 0;
+}
+
+/**
+ *
+ * RsaPubKey ::= SEQUENCE {
+ * n INTEGER
+ * e INTEGER
+ * }
+ */
+static QCryptoAkCipherRSAKey *qcrypto_builtin_rsa_public_key_parse(
+ const uint8_t *key, size_t keylen, Error **errp)
+{
+ QCryptoAkCipherRSAKey *rsa = g_new0(QCryptoAkCipherRSAKey, 1);
+ const uint8_t *seq;
+ size_t seq_length;
+ int decode_ret;
+
+ decode_ret = qcrypto_der_decode_seq(&key, &keylen,
+ extract_seq_content, &seq, errp);
+ if (decode_ret < 0 || keylen != 0) {
+ goto error;
+ }
+ seq_length = decode_ret;
+
+ if (qcrypto_der_decode_int(&seq, &seq_length, extract_mpi,
+ &rsa->n, errp) < 0 ||
+ qcrypto_der_decode_int(&seq, &seq_length, extract_mpi,
+ &rsa->e, errp) < 0) {
+ goto error;
+ }
+ if (seq_length != 0) {
+ goto error;
+ }
+
+ return rsa;
+
+error:
+ if (errp && !*errp) {
+ error_setg(errp, "Invalid RSA public key");
+ }
+ qcrypto_akcipher_rsakey_free(rsa);
+ return NULL;
+}
+
+/**
+ * RsaPrivKey ::= SEQUENCE {
+ * version INTEGER
+ * n INTEGER
+ * e INTEGER
+ * d INTEGER
+ * p INTEGER
+ * q INTEGER
+ * dp INTEGER
+ * dq INTEGER
+ * u INTEGER
+ * otherPrimeInfos OtherPrimeInfos OPTIONAL
+ * }
+ */
+static QCryptoAkCipherRSAKey *qcrypto_builtin_rsa_private_key_parse(
+ const uint8_t *key, size_t keylen, Error **errp)
+{
+ QCryptoAkCipherRSAKey *rsa = g_new0(QCryptoAkCipherRSAKey, 1);
+ uint8_t version;
+ const uint8_t *seq;
+ int decode_ret;
+ size_t seq_length;
+
+ decode_ret = qcrypto_der_decode_seq(&key, &keylen, extract_seq_content,
+ &seq, errp);
+ if (decode_ret < 0 || keylen != 0) {
+ goto error;
+ }
+ seq_length = decode_ret;
+
+ decode_ret = qcrypto_der_decode_int(&seq, &seq_length, extract_version,
+ &version, errp);
+
+ if (qcrypto_der_decode_int(&seq, &seq_length, extract_mpi,
+ &rsa->n, errp) < 0 ||
+ qcrypto_der_decode_int(&seq, &seq_length, extract_mpi,
+ &rsa->e, errp) < 0 ||
+ qcrypto_der_decode_int(&seq, &seq_length, extract_mpi,
+ &rsa->d, errp) < 0 ||
+ qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, &rsa->p,
+ errp) < 0 ||
+ qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, &rsa->q,
+ errp) < 0 ||
+ qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, &rsa->dp,
+ errp) < 0 ||
+ qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, &rsa->dq,
+ errp) < 0 ||
+ qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, &rsa->u,
+ errp) < 0) {
+ goto error;
+ }
+
+ /**
+ * According to the standard, otherPrimeInfos must be present for version 1.
+ * There is no strict verification here, this is to be compatible with
+ * the unit test of the kernel. TODO: remove this until linux kernel's
+ * unit-test is fixed.
+ */
+ if (version == 1 && seq_length != 0) {
+ if (qcrypto_der_decode_seq(&seq, &seq_length, NULL, NULL, errp) < 0) {
+ goto error;
+ }
+ if (seq_length != 0) {
+ goto error;
+ }
+ return rsa;
+ }
+ if (seq_length != 0) {
+ goto error;
+ }
+
+ return rsa;
+
+error:
+ if (errp && !*errp) {
+ error_setg(errp, "Invalid RSA private key");
+ }
+ qcrypto_akcipher_rsakey_free(rsa);
+ return NULL;
+}
+
+QCryptoAkCipherRSAKey *qcrypto_akcipher_rsakey_parse(
+ QCryptoAkCipherKeyType type, const uint8_t *key,
+ size_t keylen, Error **errp)
+{
+ switch (type) {
+ case QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE:
+ return qcrypto_builtin_rsa_private_key_parse(key, keylen, errp);
+
+ case QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC:
+ return qcrypto_builtin_rsa_public_key_parse(key, keylen, errp);
+
+ default:
+ error_setg(errp, "Unknown key type: %d", type);
+ return NULL;
+ }
+}
diff --git a/crypto/rsakey-nettle.c.inc b/crypto/rsakey-nettle.c.inc
new file mode 100644
index 0000000000..cc49872e78
--- /dev/null
+++ b/crypto/rsakey-nettle.c.inc
@@ -0,0 +1,158 @@
+/*
+ * QEMU Crypto akcipher algorithms
+ *
+ * Copyright (c) 2022 Bytedance
+ * Author: lei he <helei.sig11@bytedance.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include <nettle/asn1.h>
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "rsakey.h"
+
+static bool DumpMPI(struct asn1_der_iterator *i, QCryptoAkCipherMPI *mpi)
+{
+ mpi->data = g_memdup2(i->data, i->length);
+ mpi->len = i->length;
+ return true;
+}
+
+static bool GetMPI(struct asn1_der_iterator *i, QCryptoAkCipherMPI *mpi)
+{
+ if (asn1_der_iterator_next(i) != ASN1_ITERATOR_PRIMITIVE ||
+ i->type != ASN1_INTEGER) {
+ return false;
+ }
+ return DumpMPI(i, mpi);
+}
+
+/**
+ * RsaPrivKey ::= SEQUENCE {
+ * version INTEGER
+ * n INTEGER
+ * e INTEGER
+ * d INTEGER
+ * p INTEGER
+ * q INTEGER
+ * dp INTEGER
+ * dq INTEGER
+ * u INTEGER
+ * otherPrimeInfos OtherPrimeInfos OPTIONAL
+ * }
+ */
+static QCryptoAkCipherRSAKey *qcrypto_nettle_rsa_private_key_parse(
+ const uint8_t *key, size_t keylen, Error **errp)
+{
+ QCryptoAkCipherRSAKey *rsa = g_new0(QCryptoAkCipherRSAKey, 1);
+ struct asn1_der_iterator i;
+ uint32_t version;
+ int tag;
+
+ /* Parse entire struct */
+ if (asn1_der_iterator_first(&i, keylen, key) != ASN1_ITERATOR_CONSTRUCTED ||
+ i.type != ASN1_SEQUENCE ||
+ asn1_der_decode_constructed_last(&i) != ASN1_ITERATOR_PRIMITIVE ||
+ i.type != ASN1_INTEGER ||
+ !asn1_der_get_uint32(&i, &version) ||
+ version > 1 ||
+ !GetMPI(&i, &rsa->n) ||
+ !GetMPI(&i, &rsa->e) ||
+ !GetMPI(&i, &rsa->d) ||
+ !GetMPI(&i, &rsa->p) ||
+ !GetMPI(&i, &rsa->q) ||
+ !GetMPI(&i, &rsa->dp) ||
+ !GetMPI(&i, &rsa->dq) ||
+ !GetMPI(&i, &rsa->u)) {
+ goto error;
+ }
+
+ if (version == 1) {
+ tag = asn1_der_iterator_next(&i);
+ /**
+ * According to the standard otherPrimeInfos must be present for
+ * version 1. There is no strict verification here, this is to be
+ * compatible with the unit test of the kernel. TODO: remove this
+ * until linux-kernel's unit-test is fixed;
+ */
+ if (tag == ASN1_ITERATOR_END) {
+ return rsa;
+ }
+ if (tag != ASN1_ITERATOR_CONSTRUCTED ||
+ i.type != ASN1_SEQUENCE) {
+ goto error;
+ }
+ }
+
+ if (asn1_der_iterator_next(&i) != ASN1_ITERATOR_END) {
+ goto error;
+ }
+
+ return rsa;
+
+error:
+ error_setg(errp, "Failed to parse RSA private key");
+ qcrypto_akcipher_rsakey_free(rsa);
+ return NULL;
+}
+
+/**
+ * RsaPubKey ::= SEQUENCE {
+ * n INTEGER
+ * e INTEGER
+ * }
+ */
+static QCryptoAkCipherRSAKey *qcrypto_nettle_rsa_public_key_parse(
+ const uint8_t *key, size_t keylen, Error **errp)
+{
+
+ QCryptoAkCipherRSAKey *rsa = g_new0(QCryptoAkCipherRSAKey, 1);
+ struct asn1_der_iterator i;
+
+ if (asn1_der_iterator_first(&i, keylen, key) != ASN1_ITERATOR_CONSTRUCTED ||
+ i.type != ASN1_SEQUENCE ||
+ asn1_der_decode_constructed_last(&i) != ASN1_ITERATOR_PRIMITIVE ||
+ !DumpMPI(&i, &rsa->n) ||
+ !GetMPI(&i, &rsa->e) ||
+ asn1_der_iterator_next(&i) != ASN1_ITERATOR_END) {
+ goto error;
+ }
+
+ return rsa;
+
+error:
+ error_setg(errp, "Failed to parse RSA public key");
+ qcrypto_akcipher_rsakey_free(rsa);
+ return NULL;
+}
+
+QCryptoAkCipherRSAKey *qcrypto_akcipher_rsakey_parse(
+ QCryptoAkCipherKeyType type, const uint8_t *key,
+ size_t keylen, Error **errp)
+{
+ switch (type) {
+ case QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE:
+ return qcrypto_nettle_rsa_private_key_parse(key, keylen, errp);
+
+ case QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC:
+ return qcrypto_nettle_rsa_public_key_parse(key, keylen, errp);
+
+ default:
+ error_setg(errp, "Unknown key type: %d", type);
+ return NULL;
+ }
+}
diff --git a/crypto/rsakey.c b/crypto/rsakey.c
new file mode 100644
index 0000000000..cc40e072f0
--- /dev/null
+++ b/crypto/rsakey.c
@@ -0,0 +1,44 @@
+/*
+ * QEMU Crypto RSA key parser
+ *
+ * Copyright (c) 2022 Bytedance
+ * Author: lei he <helei.sig11@bytedance.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "rsakey.h"
+
+void qcrypto_akcipher_rsakey_free(QCryptoAkCipherRSAKey *rsa_key)
+{
+ if (!rsa_key) {
+ return;
+ }
+ g_free(rsa_key->n.data);
+ g_free(rsa_key->e.data);
+ g_free(rsa_key->d.data);
+ g_free(rsa_key->p.data);
+ g_free(rsa_key->q.data);
+ g_free(rsa_key->dp.data);
+ g_free(rsa_key->dq.data);
+ g_free(rsa_key->u.data);
+ g_free(rsa_key);
+}
+
+#if defined(CONFIG_NETTLE) && defined(CONFIG_HOGWEED)
+#include "rsakey-nettle.c.inc"
+#else
+#include "rsakey-builtin.c.inc"
+#endif
diff --git a/crypto/rsakey.h b/crypto/rsakey.h
new file mode 100644
index 0000000000..974b76f659
--- /dev/null
+++ b/crypto/rsakey.h
@@ -0,0 +1,92 @@
+/*
+ * QEMU Crypto RSA key parser
+ *
+ * Copyright (c) 2022 Bytedance
+ * Author: lei he <helei.sig11@bytedance.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifndef QCRYPTO_RSAKEY_H
+#define QCRYPTO_RSAKEY_H
+
+#include "qemu/osdep.h"
+#include "qemu/host-utils.h"
+#include "crypto/akcipher.h"
+
+typedef struct QCryptoAkCipherRSAKey QCryptoAkCipherRSAKey;
+typedef struct QCryptoAkCipherMPI QCryptoAkCipherMPI;
+
+/**
+ * Multiple precious integer, encoded as two' complement,
+ * copied directly from DER encoded ASN.1 structures.
+ */
+struct QCryptoAkCipherMPI {
+ uint8_t *data;
+ size_t len;
+};
+
+/* See rfc2437: https://datatracker.ietf.org/doc/html/rfc2437 */
+struct QCryptoAkCipherRSAKey {
+ /* The modulus */
+ QCryptoAkCipherMPI n;
+ /* The public exponent */
+ QCryptoAkCipherMPI e;
+ /* The private exponent */
+ QCryptoAkCipherMPI d;
+ /* The first factor */
+ QCryptoAkCipherMPI p;
+ /* The second factor */
+ QCryptoAkCipherMPI q;
+ /* The first factor's exponent */
+ QCryptoAkCipherMPI dp;
+ /* The second factor's exponent */
+ QCryptoAkCipherMPI dq;
+ /* The CRT coefficient */
+ QCryptoAkCipherMPI u;
+};
+
+/**
+ * Parse DER encoded ASN.1 RSA keys, expected ASN.1 schemas:
+ * RsaPrivKey ::= SEQUENCE {
+ * version INTEGER
+ * n INTEGER
+ * e INTEGER
+ * d INTEGER
+ * p INTEGER
+ * q INTEGER
+ * dp INTEGER
+ * dq INTEGER
+ * u INTEGER
+ * otherPrimeInfos OtherPrimeInfos OPTIONAL
+ * }
+ *
+ * RsaPubKey ::= SEQUENCE {
+ * n INTEGER
+ * e INTEGER
+ * }
+ *
+ * Returns: On success QCryptoAkCipherRSAKey is returned, otherwise returns NULL
+ */
+QCryptoAkCipherRSAKey *qcrypto_akcipher_rsakey_parse(
+ QCryptoAkCipherKeyType type,
+ const uint8_t *key, size_t keylen, Error **errp);
+
+void qcrypto_akcipher_rsakey_free(QCryptoAkCipherRSAKey *key);
+
+G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoAkCipherRSAKey,
+ qcrypto_akcipher_rsakey_free);
+
+#endif
diff --git a/meson.build b/meson.build
index 9ebc00f032..df7c34b076 100644
--- a/meson.build
+++ b/meson.build
@@ -1121,6 +1121,7 @@ endif
# gcrypt over nettle for performance reasons.
gcrypt = not_found
nettle = not_found
+hogweed = not_found
xts = 'none'
if get_option('nettle').enabled() and get_option('gcrypt').enabled()
@@ -1158,6 +1159,15 @@ if not gnutls_crypto.found()
endif
endif
+gmp = dependency('gmp', required: false, method: 'pkg-config', kwargs: static_kwargs)
+if nettle.found() and gmp.found()
+ hogweed = dependency('hogweed', version: '>=3.4',
+ method: 'pkg-config',
+ required: get_option('nettle'),
+ kwargs: static_kwargs)
+endif
+
+
gtk = not_found
gtkx11 = not_found
vte = not_found
@@ -1769,6 +1779,7 @@ config_host_data.set('CONFIG_GNUTLS_CRYPTO', gnutls_crypto.found())
config_host_data.set('CONFIG_TASN1', tasn1.found())
config_host_data.set('CONFIG_GCRYPT', gcrypt.found())
config_host_data.set('CONFIG_NETTLE', nettle.found())
+config_host_data.set('CONFIG_HOGWEED', hogweed.found())
config_host_data.set('CONFIG_QEMU_PRIVATE_XTS', xts == 'private')
config_host_data.set('CONFIG_MALLOC_TRIM', has_malloc_trim)
config_host_data.set('CONFIG_STATX', has_statx)
--
2.36.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PULL 5/7] crypto: Implement RSA algorithm by gcrypt
2022-05-26 10:45 [PULL 0/7] crypto asymmetric cipher patches Daniel P. Berrangé
` (3 preceding siblings ...)
2022-05-26 10:45 ` [PULL 4/7] crypto: Implement RSA algorithm by hogweed Daniel P. Berrangé
@ 2022-05-26 10:45 ` Daniel P. Berrangé
2022-05-26 10:45 ` [PULL 6/7] test/crypto: Add test suite for crypto akcipher Daniel P. Berrangé
` (2 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Daniel P. Berrangé @ 2022-05-26 10:45 UTC (permalink / raw)
To: qemu-devel; +Cc: Daniel P. Berrangé, Markus Armbruster, Eric Blake, Lei He
From: Lei He <helei.sig11@bytedance.com>
Added gcryt implementation of RSA algorithm, RSA algorithm
implemented by gcrypt has a higher priority than nettle because
it supports raw padding.
Signed-off-by: lei he <helei.sig11@bytedance.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
crypto/akcipher-gcrypt.c.inc | 595 +++++++++++++++++++++++++++++++++++
crypto/akcipher.c | 4 +-
2 files changed, 598 insertions(+), 1 deletion(-)
create mode 100644 crypto/akcipher-gcrypt.c.inc
diff --git a/crypto/akcipher-gcrypt.c.inc b/crypto/akcipher-gcrypt.c.inc
new file mode 100644
index 0000000000..abb1fb272e
--- /dev/null
+++ b/crypto/akcipher-gcrypt.c.inc
@@ -0,0 +1,595 @@
+/*
+ * QEMU Crypto akcipher algorithms
+ *
+ * Copyright (c) 2022 Bytedance
+ * Author: lei he <helei.sig11@bytedance.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include <gcrypt.h>
+
+#include "qemu/osdep.h"
+#include "qemu/host-utils.h"
+#include "crypto/akcipher.h"
+#include "crypto/random.h"
+#include "qapi/error.h"
+#include "sysemu/cryptodev.h"
+#include "rsakey.h"
+
+typedef struct QCryptoGcryptRSA {
+ QCryptoAkCipher akcipher;
+ gcry_sexp_t key;
+ QCryptoRSAPaddingAlgorithm padding_alg;
+ QCryptoHashAlgorithm hash_alg;
+} QCryptoGcryptRSA;
+
+static void qcrypto_gcrypt_rsa_free(QCryptoAkCipher *akcipher)
+{
+ QCryptoGcryptRSA *rsa = (QCryptoGcryptRSA *)akcipher;
+ if (!rsa) {
+ return;
+ }
+
+ gcry_sexp_release(rsa->key);
+ g_free(rsa);
+}
+
+static QCryptoGcryptRSA *qcrypto_gcrypt_rsa_new(
+ const QCryptoAkCipherOptionsRSA *opt,
+ QCryptoAkCipherKeyType type,
+ const uint8_t *key, size_t keylen,
+ Error **errp);
+
+QCryptoAkCipher *qcrypto_akcipher_new(const QCryptoAkCipherOptions *opts,
+ QCryptoAkCipherKeyType type,
+ const uint8_t *key, size_t keylen,
+ Error **errp)
+{
+ switch (opts->alg) {
+ case QCRYPTO_AKCIPHER_ALG_RSA:
+ return (QCryptoAkCipher *)qcrypto_gcrypt_rsa_new(
+ &opts->u.rsa, type, key, keylen, errp);
+
+ default:
+ error_setg(errp, "Unsupported algorithm: %u", opts->alg);
+ return NULL;
+ }
+
+ return NULL;
+}
+
+static void qcrypto_gcrypt_set_rsa_size(QCryptoAkCipher *akcipher, gcry_mpi_t n)
+{
+ size_t key_size = (gcry_mpi_get_nbits(n) + 7) / 8;
+ akcipher->max_plaintext_len = key_size;
+ akcipher->max_ciphertext_len = key_size;
+ akcipher->max_dgst_len = key_size;
+ akcipher->max_signature_len = key_size;
+}
+
+static int qcrypto_gcrypt_parse_rsa_private_key(
+ QCryptoGcryptRSA *rsa,
+ const uint8_t *key, size_t keylen, Error **errp)
+{
+ g_autoptr(QCryptoAkCipherRSAKey) rsa_key = qcrypto_akcipher_rsakey_parse(
+ QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE, key, keylen, errp);
+ gcry_mpi_t n = NULL, e = NULL, d = NULL, p = NULL, q = NULL, u = NULL;
+ bool compute_mul_inv = false;
+ int ret = -1;
+ gcry_error_t err;
+
+ if (!rsa_key) {
+ return ret;
+ }
+
+ err = gcry_mpi_scan(&n, GCRYMPI_FMT_STD,
+ rsa_key->n.data, rsa_key->n.len, NULL);
+ if (gcry_err_code(err) != 0) {
+ error_setg(errp, "Failed to parse RSA parameter n: %s/%s",
+ gcry_strsource(err), gcry_strerror(err));
+ goto cleanup;
+ }
+
+ err = gcry_mpi_scan(&e, GCRYMPI_FMT_STD,
+ rsa_key->e.data, rsa_key->e.len, NULL);
+ if (gcry_err_code(err) != 0) {
+ error_setg(errp, "Failed to parse RSA parameter e: %s/%s",
+ gcry_strsource(err), gcry_strerror(err));
+ goto cleanup;
+ }
+
+ err = gcry_mpi_scan(&d, GCRYMPI_FMT_STD,
+ rsa_key->d.data, rsa_key->d.len, NULL);
+ if (gcry_err_code(err) != 0) {
+ error_setg(errp, "Failed to parse RSA parameter d: %s/%s",
+ gcry_strsource(err), gcry_strerror(err));
+ goto cleanup;
+ }
+
+ err = gcry_mpi_scan(&p, GCRYMPI_FMT_STD,
+ rsa_key->p.data, rsa_key->p.len, NULL);
+ if (gcry_err_code(err) != 0) {
+ error_setg(errp, "Failed to parse RSA parameter p: %s/%s",
+ gcry_strsource(err), gcry_strerror(err));
+ goto cleanup;
+ }
+
+ err = gcry_mpi_scan(&q, GCRYMPI_FMT_STD,
+ rsa_key->q.data, rsa_key->q.len, NULL);
+ if (gcry_err_code(err) != 0) {
+ error_setg(errp, "Failed to parse RSA parameter q: %s/%s",
+ gcry_strsource(err), gcry_strerror(err));
+ goto cleanup;
+ }
+
+ if (gcry_mpi_cmp_ui(p, 0) > 0 && gcry_mpi_cmp_ui(q, 0) > 0) {
+ compute_mul_inv = true;
+
+ u = gcry_mpi_new(0);
+ if (gcry_mpi_cmp(p, q) > 0) {
+ gcry_mpi_swap(p, q);
+ }
+ gcry_mpi_invm(u, p, q);
+ }
+
+ if (compute_mul_inv) {
+ err = gcry_sexp_build(&rsa->key, NULL,
+ "(private-key (rsa (n %m) (e %m) (d %m) (p %m) (q %m) (u %m)))",
+ n, e, d, p, q, u);
+ } else {
+ err = gcry_sexp_build(&rsa->key, NULL,
+ "(private-key (rsa (n %m) (e %m) (d %m)))", n, e, d);
+ }
+ if (gcry_err_code(err) != 0) {
+ error_setg(errp, "Failed to build RSA private key: %s/%s",
+ gcry_strsource(err), gcry_strerror(err));
+ goto cleanup;
+ }
+ qcrypto_gcrypt_set_rsa_size((QCryptoAkCipher *)rsa, n);
+ ret = 0;
+
+cleanup:
+ gcry_mpi_release(n);
+ gcry_mpi_release(e);
+ gcry_mpi_release(d);
+ gcry_mpi_release(p);
+ gcry_mpi_release(q);
+ gcry_mpi_release(u);
+ return ret;
+}
+
+static int qcrypto_gcrypt_parse_rsa_public_key(QCryptoGcryptRSA *rsa,
+ const uint8_t *key,
+ size_t keylen,
+ Error **errp)
+{
+
+ g_autoptr(QCryptoAkCipherRSAKey) rsa_key = qcrypto_akcipher_rsakey_parse(
+ QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC, key, keylen, errp);
+ gcry_mpi_t n = NULL, e = NULL;
+ int ret = -1;
+ gcry_error_t err;
+
+ if (!rsa_key) {
+ return ret;
+ }
+
+ err = gcry_mpi_scan(&n, GCRYMPI_FMT_STD,
+ rsa_key->n.data, rsa_key->n.len, NULL);
+ if (gcry_err_code(err) != 0) {
+ error_setg(errp, "Failed to parse RSA parameter n: %s/%s",
+ gcry_strsource(err), gcry_strerror(err));
+ goto cleanup;
+ }
+
+ err = gcry_mpi_scan(&e, GCRYMPI_FMT_STD,
+ rsa_key->e.data, rsa_key->e.len, NULL);
+ if (gcry_err_code(err) != 0) {
+ error_setg(errp, "Failed to parse RSA parameter e: %s/%s",
+ gcry_strsource(err), gcry_strerror(err));
+ goto cleanup;
+ }
+
+ err = gcry_sexp_build(&rsa->key, NULL,
+ "(public-key (rsa (n %m) (e %m)))", n, e);
+ if (gcry_err_code(err) != 0) {
+ error_setg(errp, "Failed to build RSA public key: %s/%s",
+ gcry_strsource(err), gcry_strerror(err));
+ goto cleanup;
+ }
+ qcrypto_gcrypt_set_rsa_size((QCryptoAkCipher *)rsa, n);
+ ret = 0;
+
+cleanup:
+ gcry_mpi_release(n);
+ gcry_mpi_release(e);
+ return ret;
+}
+
+static int qcrypto_gcrypt_rsa_encrypt(QCryptoAkCipher *akcipher,
+ const void *in, size_t in_len,
+ void *out, size_t out_len,
+ Error **errp)
+{
+ QCryptoGcryptRSA *rsa = (QCryptoGcryptRSA *)akcipher;
+ int ret = -1;
+ gcry_sexp_t data_sexp = NULL, cipher_sexp = NULL;
+ gcry_sexp_t cipher_sexp_item = NULL;
+ gcry_mpi_t cipher_mpi = NULL;
+ const char *result;
+ gcry_error_t err;
+ size_t actual_len;
+
+ if (in_len > akcipher->max_plaintext_len) {
+ error_setg(errp, "Plaintext length is greater than key size: %d",
+ akcipher->max_plaintext_len);
+ return ret;
+ }
+
+ err = gcry_sexp_build(&data_sexp, NULL,
+ "(data (flags %s) (value %b))",
+ QCryptoRSAPaddingAlgorithm_str(rsa->padding_alg),
+ in_len, in);
+ if (gcry_err_code(err) != 0) {
+ error_setg(errp, "Failed to build plaintext: %s/%s",
+ gcry_strsource(err), gcry_strerror(err));
+ goto cleanup;
+ }
+
+ err = gcry_pk_encrypt(&cipher_sexp, data_sexp, rsa->key);
+ if (gcry_err_code(err) != 0) {
+ error_setg(errp, "Failed to encrypt: %s/%s",
+ gcry_strsource(err), gcry_strerror(err));
+ goto cleanup;
+ }
+
+ /* S-expression of cipher: (enc-val (rsa (a a-mpi))) */
+ cipher_sexp_item = gcry_sexp_find_token(cipher_sexp, "a", 0);
+ if (!cipher_sexp_item || gcry_sexp_length(cipher_sexp_item) != 2) {
+ error_setg(errp, "Invalid ciphertext result");
+ goto cleanup;
+ }
+
+ if (rsa->padding_alg == QCRYPTO_RSA_PADDING_ALG_RAW) {
+ cipher_mpi = gcry_sexp_nth_mpi(cipher_sexp_item, 1, GCRYMPI_FMT_USG);
+ if (!cipher_mpi) {
+ error_setg(errp, "Invalid ciphertext result");
+ goto cleanup;
+ }
+ err = gcry_mpi_print(GCRYMPI_FMT_USG, out, out_len,
+ &actual_len, cipher_mpi);
+ if (gcry_err_code(err) != 0) {
+ error_setg(errp, "Failed to print MPI: %s/%s",
+ gcry_strsource(err), gcry_strerror(err));
+ goto cleanup;
+ }
+
+ if (actual_len > out_len) {
+ error_setg(errp, "Ciphertext buffer length is too small");
+ goto cleanup;
+ }
+
+ /* We always padding leading-zeros for RSA-RAW */
+ if (actual_len < out_len) {
+ memmove((uint8_t *)out + (out_len - actual_len), out, actual_len);
+ memset(out, 0, out_len - actual_len);
+ }
+ ret = out_len;
+
+ } else {
+ result = gcry_sexp_nth_data(cipher_sexp_item, 1, &actual_len);
+ if (!result) {
+ error_setg(errp, "Invalid ciphertext result");
+ goto cleanup;
+ }
+ if (actual_len > out_len) {
+ error_setg(errp, "Ciphertext buffer length is too small");
+ goto cleanup;
+ }
+ memcpy(out, result, actual_len);
+ ret = actual_len;
+ }
+
+cleanup:
+ gcry_sexp_release(data_sexp);
+ gcry_sexp_release(cipher_sexp);
+ gcry_sexp_release(cipher_sexp_item);
+ gcry_mpi_release(cipher_mpi);
+ return ret;
+}
+
+static int qcrypto_gcrypt_rsa_decrypt(QCryptoAkCipher *akcipher,
+ const void *in, size_t in_len,
+ void *out, size_t out_len,
+ Error **errp)
+{
+ QCryptoGcryptRSA *rsa = (QCryptoGcryptRSA *)akcipher;
+ int ret = -1;
+ gcry_sexp_t data_sexp = NULL, cipher_sexp = NULL;
+ gcry_mpi_t data_mpi = NULL;
+ gcry_error_t err;
+ size_t actual_len;
+ const char *result;
+
+ if (in_len > akcipher->max_ciphertext_len) {
+ error_setg(errp, "Ciphertext length is greater than key size: %d",
+ akcipher->max_ciphertext_len);
+ return ret;
+ }
+
+ err = gcry_sexp_build(&cipher_sexp, NULL,
+ "(enc-val (flags %s) (rsa (a %b) ))",
+ QCryptoRSAPaddingAlgorithm_str(rsa->padding_alg),
+ in_len, in);
+ if (gcry_err_code(err) != 0) {
+ error_setg(errp, "Failed to build ciphertext: %s/%s",
+ gcry_strsource(err), gcry_strerror(err));
+ goto cleanup;
+ }
+
+ err = gcry_pk_decrypt(&data_sexp, cipher_sexp, rsa->key);
+ if (gcry_err_code(err) != 0) {
+ error_setg(errp, "Failed to decrypt: %s/%s",
+ gcry_strsource(err), gcry_strerror(err));
+ goto cleanup;
+ }
+
+ /* S-expression of plaintext: (value plaintext) */
+ if (rsa->padding_alg == QCRYPTO_RSA_PADDING_ALG_RAW) {
+ data_mpi = gcry_sexp_nth_mpi(data_sexp, 1, GCRYMPI_FMT_USG);
+ if (!data_mpi) {
+ error_setg(errp, "Invalid plaintext result");
+ goto cleanup;
+ }
+ err = gcry_mpi_print(GCRYMPI_FMT_USG, out, out_len,
+ &actual_len, data_mpi);
+ if (gcry_err_code(err) != 0) {
+ error_setg(errp, "Failed to print MPI: %s/%s",
+ gcry_strsource(err), gcry_strerror(err));
+ goto cleanup;
+ }
+ if (actual_len > out_len) {
+ error_setg(errp, "Plaintext buffer length is too small");
+ goto cleanup;
+ }
+ /* We always padding leading-zeros for RSA-RAW */
+ if (actual_len < out_len) {
+ memmove((uint8_t *)out + (out_len - actual_len), out, actual_len);
+ memset(out, 0, out_len - actual_len);
+ }
+ ret = out_len;
+ } else {
+ result = gcry_sexp_nth_data(data_sexp, 1, &actual_len);
+ if (!result) {
+ error_setg(errp, "Invalid plaintext result");
+ goto cleanup;
+ }
+ if (actual_len > out_len) {
+ error_setg(errp, "Plaintext buffer length is too small");
+ goto cleanup;
+ }
+ memcpy(out, result, actual_len);
+ ret = actual_len;
+ }
+
+cleanup:
+ gcry_sexp_release(cipher_sexp);
+ gcry_sexp_release(data_sexp);
+ gcry_mpi_release(data_mpi);
+ return ret;
+}
+
+static int qcrypto_gcrypt_rsa_sign(QCryptoAkCipher *akcipher,
+ const void *in, size_t in_len,
+ void *out, size_t out_len, Error **errp)
+{
+ QCryptoGcryptRSA *rsa = (QCryptoGcryptRSA *)akcipher;
+ int ret = -1;
+ gcry_sexp_t dgst_sexp = NULL, sig_sexp = NULL;
+ gcry_sexp_t sig_sexp_item = NULL;
+ const char *result;
+ gcry_error_t err;
+ size_t actual_len;
+
+ if (in_len > akcipher->max_dgst_len) {
+ error_setg(errp, "Data length is greater than key size: %d",
+ akcipher->max_dgst_len);
+ return ret;
+ }
+
+ if (rsa->padding_alg != QCRYPTO_RSA_PADDING_ALG_PKCS1) {
+ error_setg(errp, "Invalid padding %u", rsa->padding_alg);
+ return ret;
+ }
+
+ err = gcry_sexp_build(&dgst_sexp, NULL,
+ "(data (flags pkcs1) (hash %s %b))",
+ QCryptoHashAlgorithm_str(rsa->hash_alg),
+ in_len, in);
+ if (gcry_err_code(err) != 0) {
+ error_setg(errp, "Failed to build dgst: %s/%s",
+ gcry_strsource(err), gcry_strerror(err));
+ goto cleanup;
+ }
+
+ err = gcry_pk_sign(&sig_sexp, dgst_sexp, rsa->key);
+ if (gcry_err_code(err) != 0) {
+ error_setg(errp, "Failed to make signature: %s/%s",
+ gcry_strsource(err), gcry_strerror(err));
+ goto cleanup;
+ }
+
+ /* S-expression of signature: (sig-val (rsa (s s-mpi))) */
+ sig_sexp_item = gcry_sexp_find_token(sig_sexp, "s", 0);
+ if (!sig_sexp_item || gcry_sexp_length(sig_sexp_item) != 2) {
+ error_setg(errp, "Invalid signature result");
+ goto cleanup;
+ }
+
+ result = gcry_sexp_nth_data(sig_sexp_item, 1, &actual_len);
+ if (!result) {
+ error_setg(errp, "Invalid signature result");
+ goto cleanup;
+ }
+
+ if (actual_len > out_len) {
+ error_setg(errp, "Signature buffer length is too small");
+ goto cleanup;
+ }
+ memcpy(out, result, actual_len);
+ ret = actual_len;
+
+cleanup:
+ gcry_sexp_release(dgst_sexp);
+ gcry_sexp_release(sig_sexp);
+ gcry_sexp_release(sig_sexp_item);
+
+ return ret;
+}
+
+static int qcrypto_gcrypt_rsa_verify(QCryptoAkCipher *akcipher,
+ const void *in, size_t in_len,
+ const void *in2, size_t in2_len,
+ Error **errp)
+{
+ QCryptoGcryptRSA *rsa = (QCryptoGcryptRSA *)akcipher;
+ int ret = -1;
+ gcry_sexp_t sig_sexp = NULL, dgst_sexp = NULL;
+ gcry_error_t err;
+
+ if (in_len > akcipher->max_signature_len) {
+ error_setg(errp, "Signature length is greater than key size: %d",
+ akcipher->max_signature_len);
+ return ret;
+ }
+
+ if (in2_len > akcipher->max_dgst_len) {
+ error_setg(errp, "Data length is greater than key size: %d",
+ akcipher->max_dgst_len);
+ return ret;
+ }
+
+ if (rsa->padding_alg != QCRYPTO_RSA_PADDING_ALG_PKCS1) {
+ error_setg(errp, "Invalid padding %u", rsa->padding_alg);
+ return ret;
+ }
+
+ err = gcry_sexp_build(&sig_sexp, NULL,
+ "(sig-val (rsa (s %b)))", in_len, in);
+ if (gcry_err_code(err) != 0) {
+ error_setg(errp, "Failed to build signature: %s/%s",
+ gcry_strsource(err), gcry_strerror(err));
+ goto cleanup;
+ }
+
+ err = gcry_sexp_build(&dgst_sexp, NULL,
+ "(data (flags pkcs1) (hash %s %b))",
+ QCryptoHashAlgorithm_str(rsa->hash_alg),
+ in2_len, in2);
+ if (gcry_err_code(err) != 0) {
+ error_setg(errp, "Failed to build dgst: %s/%s",
+ gcry_strsource(err), gcry_strerror(err));
+ goto cleanup;
+ }
+
+ err = gcry_pk_verify(sig_sexp, dgst_sexp, rsa->key);
+ if (gcry_err_code(err) != 0) {
+ error_setg(errp, "Failed to verify signature: %s/%s",
+ gcry_strsource(err), gcry_strerror(err));
+ goto cleanup;
+ }
+ ret = 0;
+
+cleanup:
+ gcry_sexp_release(dgst_sexp);
+ gcry_sexp_release(sig_sexp);
+
+ return ret;
+}
+
+QCryptoAkCipherDriver gcrypt_rsa = {
+ .encrypt = qcrypto_gcrypt_rsa_encrypt,
+ .decrypt = qcrypto_gcrypt_rsa_decrypt,
+ .sign = qcrypto_gcrypt_rsa_sign,
+ .verify = qcrypto_gcrypt_rsa_verify,
+ .free = qcrypto_gcrypt_rsa_free,
+};
+
+static QCryptoGcryptRSA *qcrypto_gcrypt_rsa_new(
+ const QCryptoAkCipherOptionsRSA *opt,
+ QCryptoAkCipherKeyType type,
+ const uint8_t *key, size_t keylen,
+ Error **errp)
+{
+ QCryptoGcryptRSA *rsa = g_new0(QCryptoGcryptRSA, 1);
+ rsa->padding_alg = opt->padding_alg;
+ rsa->hash_alg = opt->hash_alg;
+ rsa->akcipher.driver = &gcrypt_rsa;
+
+ switch (type) {
+ case QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE:
+ if (qcrypto_gcrypt_parse_rsa_private_key(rsa, key, keylen, errp) != 0) {
+ goto error;
+ }
+ break;
+
+ case QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC:
+ if (qcrypto_gcrypt_parse_rsa_public_key(rsa, key, keylen, errp) != 0) {
+ goto error;
+ }
+ break;
+
+ default:
+ error_setg(errp, "Unknown akcipher key type %d", type);
+ goto error;
+ }
+
+ return rsa;
+
+error:
+ qcrypto_gcrypt_rsa_free((QCryptoAkCipher *)rsa);
+ return NULL;
+}
+
+
+bool qcrypto_akcipher_supports(QCryptoAkCipherOptions *opts)
+{
+ switch (opts->alg) {
+ case QCRYPTO_AKCIPHER_ALG_RSA:
+ switch (opts->u.rsa.padding_alg) {
+ case QCRYPTO_RSA_PADDING_ALG_RAW:
+ return true;
+
+ case QCRYPTO_RSA_PADDING_ALG_PKCS1:
+ switch (opts->u.rsa.hash_alg) {
+ case QCRYPTO_HASH_ALG_MD5:
+ case QCRYPTO_HASH_ALG_SHA1:
+ case QCRYPTO_HASH_ALG_SHA256:
+ case QCRYPTO_HASH_ALG_SHA512:
+ return true;
+
+ default:
+ return false;
+ }
+
+ default:
+ return false;
+ }
+
+ default:
+ return true;
+ }
+}
diff --git a/crypto/akcipher.c b/crypto/akcipher.c
index f287083f92..ad88379c1e 100644
--- a/crypto/akcipher.c
+++ b/crypto/akcipher.c
@@ -23,7 +23,9 @@
#include "crypto/akcipher.h"
#include "akcipherpriv.h"
-#if defined(CONFIG_NETTLE) && defined(CONFIG_HOGWEED)
+#if defined(CONFIG_GCRYPT)
+#include "akcipher-gcrypt.c.inc"
+#elif defined(CONFIG_NETTLE) && defined(CONFIG_HOGWEED)
#include "akcipher-nettle.c.inc"
#else
QCryptoAkCipher *qcrypto_akcipher_new(const QCryptoAkCipherOptions *opts,
--
2.36.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PULL 6/7] test/crypto: Add test suite for crypto akcipher
2022-05-26 10:45 [PULL 0/7] crypto asymmetric cipher patches Daniel P. Berrangé
` (4 preceding siblings ...)
2022-05-26 10:45 ` [PULL 5/7] crypto: Implement RSA algorithm by gcrypt Daniel P. Berrangé
@ 2022-05-26 10:45 ` Daniel P. Berrangé
2022-05-26 10:45 ` [PULL 7/7] tests/crypto: Add test suite for RSA keys Daniel P. Berrangé
2022-05-26 16:18 ` [PULL 0/7] crypto asymmetric cipher patches Richard Henderson
7 siblings, 0 replies; 9+ messages in thread
From: Daniel P. Berrangé @ 2022-05-26 10:45 UTC (permalink / raw)
To: qemu-devel
Cc: Daniel P. Berrangé,
Markus Armbruster, Eric Blake, Lei He, zhenwei pi
From: Lei He <helei.sig11@bytedance.com>
Add unit test and benchmark test for crypto akcipher.
Signed-off-by: lei he <helei.sig11@bytedance.com>
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
crypto/akcipher-nettle.c.inc | 14 +-
tests/bench/benchmark-crypto-akcipher.c | 137 +++++
tests/bench/meson.build | 1 +
tests/bench/test_akcipher_keys.inc | 537 ++++++++++++++++++
tests/unit/meson.build | 1 +
tests/unit/test-crypto-akcipher.c | 711 ++++++++++++++++++++++++
6 files changed, 1394 insertions(+), 7 deletions(-)
create mode 100644 tests/bench/benchmark-crypto-akcipher.c
create mode 100644 tests/bench/test_akcipher_keys.inc
create mode 100644 tests/unit/test-crypto-akcipher.c
diff --git a/crypto/akcipher-nettle.c.inc b/crypto/akcipher-nettle.c.inc
index a7c0c6a1ee..02699e6e6d 100644
--- a/crypto/akcipher-nettle.c.inc
+++ b/crypto/akcipher-nettle.c.inc
@@ -171,14 +171,14 @@ static int qcrypto_nettle_rsa_encrypt(QCryptoAkCipher *akcipher,
int ret = -1;
if (data_len > rsa->pub.size) {
- error_setg(errp, "Plaintext length %zu is greater than key size: %zu"
+ error_setg(errp, "Plaintext length %zu is greater than key size: %zu",
data_len, rsa->pub.size);
return ret;
}
if (enc_len < rsa->pub.size) {
error_setg(errp, "Ciphertext buffer length %zu is less than "
- "key size: %zu", rsa->pub.size);
+ "key size: %zu", enc_len, rsa->pub.size);
return ret;
}
@@ -218,7 +218,7 @@ static int qcrypto_nettle_rsa_decrypt(QCryptoAkCipher *akcipher,
if (enc_len > rsa->priv.size) {
error_setg(errp, "Ciphertext length %zu is greater than key size: %zu",
- rsa->priv.size);
+ enc_len, rsa->priv.size);
return ret;
}
@@ -264,13 +264,13 @@ static int qcrypto_nettle_rsa_sign(QCryptoAkCipher *akcipher,
if (data_len > rsa->priv.size) {
error_setg(errp, "Data length %zu is greater than key size: %zu",
- rsa->priv.size);
+ data_len, rsa->priv.size);
return ret;
}
if (sig_len < rsa->priv.size) {
error_setg(errp, "Signature buffer length %zu is less than "
- "key size: %zu", rsa->priv.size);
+ "key size: %zu", sig_len, rsa->priv.size);
return ret;
}
@@ -330,12 +330,12 @@ static int qcrypto_nettle_rsa_verify(QCryptoAkCipher *akcipher,
}
if (data_len > rsa->pub.size) {
error_setg(errp, "Data length %zu is greater than key size: %zu",
- rsa->pub.size);
+ data_len, rsa->pub.size);
return ret;
}
if (sig_len < rsa->pub.size) {
error_setg(errp, "Signature length %zu is greater than key size: %zu",
- rsa->pub.size);
+ sig_len, rsa->pub.size);
return ret;
}
diff --git a/tests/bench/benchmark-crypto-akcipher.c b/tests/bench/benchmark-crypto-akcipher.c
new file mode 100644
index 0000000000..15e69557ed
--- /dev/null
+++ b/tests/bench/benchmark-crypto-akcipher.c
@@ -0,0 +1,137 @@
+/*
+ * QEMU Crypto akcipher speed benchmark
+ *
+ * Copyright (c) 2022 Bytedance
+ *
+ * Authors:
+ * lei he <helei.sig11@bytedance.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version. See the COPYING file in the
+ * top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "crypto/init.h"
+#include "crypto/akcipher.h"
+#include "standard-headers/linux/virtio_crypto.h"
+
+#include "test_akcipher_keys.inc"
+
+static QCryptoAkCipher *create_rsa_akcipher(const uint8_t *priv_key,
+ size_t keylen,
+ QCryptoRSAPaddingAlgorithm padding,
+ QCryptoHashAlgorithm hash)
+{
+ QCryptoAkCipherOptions opt;
+ QCryptoAkCipher *rsa;
+
+ opt.alg = QCRYPTO_AKCIPHER_ALG_RSA;
+ opt.u.rsa.padding_alg = padding;
+ opt.u.rsa.hash_alg = hash;
+ rsa = qcrypto_akcipher_new(&opt, QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE,
+ priv_key, keylen, &error_abort);
+ return rsa;
+}
+
+static void test_rsa_speed(const uint8_t *priv_key, size_t keylen,
+ size_t key_size)
+{
+#define BYTE 8
+#define SHA1_DGST_LEN 20
+#define SIGN_TIMES 10000
+#define VERIFY_TIMES 100000
+#define PADDING QCRYPTO_RSA_PADDING_ALG_PKCS1
+#define HASH QCRYPTO_HASH_ALG_SHA1
+
+ g_autoptr(QCryptoAkCipher) rsa =
+ create_rsa_akcipher(priv_key, keylen, PADDING, HASH);
+ g_autofree uint8_t *dgst = NULL;
+ g_autofree uint8_t *signature = NULL;
+ size_t count;
+
+ dgst = g_new0(uint8_t, SHA1_DGST_LEN);
+ memset(dgst, g_test_rand_int(), SHA1_DGST_LEN);
+ signature = g_new0(uint8_t, key_size / BYTE);
+
+ g_test_message("benchmark rsa%zu (%s-%s) sign...", key_size,
+ QCryptoRSAPaddingAlgorithm_str(PADDING),
+ QCryptoHashAlgorithm_str(HASH));
+ g_test_timer_start();
+ for (count = 0; count < SIGN_TIMES; ++count) {
+ g_assert(qcrypto_akcipher_sign(rsa, dgst, SHA1_DGST_LEN,
+ signature, key_size / BYTE,
+ &error_abort) > 0);
+ }
+ g_test_timer_elapsed();
+ g_test_message("rsa%zu (%s-%s) sign %zu times in %.2f seconds,"
+ " %.2f times/sec ",
+ key_size, QCryptoRSAPaddingAlgorithm_str(PADDING),
+ QCryptoHashAlgorithm_str(HASH),
+ count, g_test_timer_last(),
+ (double)count / g_test_timer_last());
+
+ g_test_message("benchmark rsa%zu (%s-%s) verification...", key_size,
+ QCryptoRSAPaddingAlgorithm_str(PADDING),
+ QCryptoHashAlgorithm_str(HASH));
+ g_test_timer_start();
+ for (count = 0; count < VERIFY_TIMES; ++count) {
+ g_assert(qcrypto_akcipher_verify(rsa, signature, key_size / BYTE,
+ dgst, SHA1_DGST_LEN,
+ &error_abort) == 0);
+ }
+ g_test_timer_elapsed();
+ g_test_message("rsa%zu (%s-%s) verify %zu times in %.2f seconds,"
+ " %.2f times/sec ",
+ key_size, QCryptoRSAPaddingAlgorithm_str(PADDING),
+ QCryptoHashAlgorithm_str(HASH),
+ count, g_test_timer_last(),
+ (double)count / g_test_timer_last());
+}
+
+static void test_rsa_1024_speed(const void *opaque)
+{
+ size_t key_size = (size_t)opaque;
+ test_rsa_speed(rsa1024_priv_key, sizeof(rsa1024_priv_key), key_size);
+}
+
+static void test_rsa_2048_speed(const void *opaque)
+{
+ size_t key_size = (size_t)opaque;
+ test_rsa_speed(rsa2048_priv_key, sizeof(rsa2048_priv_key), key_size);
+}
+
+static void test_rsa_4096_speed(const void *opaque)
+{
+ size_t key_size = (size_t)opaque;
+ test_rsa_speed(rsa4096_priv_key, sizeof(rsa4096_priv_key), key_size);
+}
+
+int main(int argc, char **argv)
+{
+ char *alg = NULL;
+ char *size = NULL;
+ g_test_init(&argc, &argv, NULL);
+ g_assert(qcrypto_init(NULL) == 0);
+
+#define ADD_TEST(asym_alg, keysize) \
+ if ((!alg || g_str_equal(alg, #asym_alg)) && \
+ (!size || g_str_equal(size, #keysize))) \
+ g_test_add_data_func( \
+ "/crypto/akcipher/" #asym_alg "-" #keysize, \
+ (void *)keysize, \
+ test_ ## asym_alg ## _ ## keysize ## _speed)
+
+ if (argc >= 2) {
+ alg = argv[1];
+ }
+ if (argc >= 3) {
+ size = argv[2];
+ }
+
+ ADD_TEST(rsa, 1024);
+ ADD_TEST(rsa, 2048);
+ ADD_TEST(rsa, 4096);
+
+ return g_test_run();
+}
diff --git a/tests/bench/meson.build b/tests/bench/meson.build
index 00b3c209dc..279a8fcc33 100644
--- a/tests/bench/meson.build
+++ b/tests/bench/meson.build
@@ -20,6 +20,7 @@ if have_block
'benchmark-crypto-hash': [crypto],
'benchmark-crypto-hmac': [crypto],
'benchmark-crypto-cipher': [crypto],
+ 'benchmark-crypto-akcipher': [crypto],
}
endif
diff --git a/tests/bench/test_akcipher_keys.inc b/tests/bench/test_akcipher_keys.inc
new file mode 100644
index 0000000000..df3eccb45e
--- /dev/null
+++ b/tests/bench/test_akcipher_keys.inc
@@ -0,0 +1,537 @@
+/*
+ * Copyright (c) 2022 Bytedance, and/or its affiliates
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ * Author: lei he <helei.sig11@bytedance.com>
+ */
+
+/* RSA test keys, generated by OpenSSL */
+static const uint8_t rsa1024_priv_key[] = {
+ 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02,
+ 0x81, 0x81, 0x00, 0xe6, 0x4d, 0x76, 0x4f, 0xb2,
+ 0x97, 0x09, 0xad, 0x9d, 0x17, 0x33, 0xf2, 0x30,
+ 0x42, 0x83, 0xa9, 0xcb, 0x49, 0xa4, 0x2e, 0x59,
+ 0x5e, 0x75, 0x51, 0xd1, 0xac, 0xc8, 0x86, 0x3e,
+ 0xdb, 0x72, 0x2e, 0xb2, 0xf7, 0xc3, 0x5b, 0xc7,
+ 0xea, 0xed, 0x30, 0xd1, 0xf7, 0x37, 0xee, 0x9d,
+ 0x36, 0x59, 0x6f, 0xf8, 0xce, 0xc0, 0x5c, 0x82,
+ 0x80, 0x37, 0x83, 0xd7, 0x45, 0x6a, 0xe9, 0xea,
+ 0xc5, 0x3a, 0x59, 0x6b, 0x34, 0x31, 0x44, 0x00,
+ 0x74, 0xa7, 0x29, 0xab, 0x79, 0x4a, 0xbd, 0xe8,
+ 0x25, 0x35, 0x01, 0x11, 0x40, 0xbf, 0x31, 0xbd,
+ 0xd3, 0xe0, 0x68, 0x1e, 0xd5, 0x5b, 0x2f, 0xe9,
+ 0x20, 0xf2, 0x9f, 0x46, 0x35, 0x30, 0xa8, 0xf1,
+ 0xfe, 0xef, 0xd8, 0x76, 0x23, 0x46, 0x34, 0x70,
+ 0xa1, 0xce, 0xc6, 0x65, 0x6d, 0xb0, 0x94, 0x7e,
+ 0xe5, 0x92, 0x45, 0x7b, 0xaa, 0xbb, 0x95, 0x97,
+ 0x77, 0xcd, 0xd3, 0x02, 0x03, 0x01, 0x00, 0x01,
+ 0x02, 0x81, 0x80, 0x30, 0x6a, 0xc4, 0x9e, 0xc8,
+ 0xba, 0xfc, 0x2b, 0xe5, 0xc4, 0xc5, 0x04, 0xfb,
+ 0xa4, 0x60, 0x2d, 0xc8, 0x31, 0x39, 0x35, 0x0d,
+ 0x50, 0xd0, 0x75, 0x5d, 0x11, 0x68, 0x2e, 0xe0,
+ 0xf4, 0x1d, 0xb3, 0x37, 0xa8, 0xe3, 0x07, 0x5e,
+ 0xa6, 0x43, 0x2b, 0x6a, 0x59, 0x01, 0x07, 0x47,
+ 0x41, 0xef, 0xd7, 0x9c, 0x85, 0x4a, 0xe7, 0xa7,
+ 0xff, 0xf0, 0xab, 0xe5, 0x0c, 0x11, 0x08, 0x10,
+ 0x75, 0x5a, 0x68, 0xa0, 0x08, 0x03, 0xc9, 0x40,
+ 0x79, 0x67, 0x1d, 0x65, 0x89, 0x2d, 0x08, 0xf9,
+ 0xb5, 0x1b, 0x7d, 0xd2, 0x41, 0x3b, 0x33, 0xf2,
+ 0x47, 0x2f, 0x9c, 0x0b, 0xd5, 0xaf, 0xcb, 0xdb,
+ 0xbb, 0x37, 0x63, 0x03, 0xf8, 0xe7, 0x2e, 0xc7,
+ 0x3c, 0x86, 0x9f, 0xc2, 0x9b, 0xb4, 0x70, 0x6a,
+ 0x4d, 0x7c, 0xe4, 0x1b, 0x3a, 0xa9, 0xae, 0xd7,
+ 0xce, 0x7f, 0x56, 0xc2, 0x73, 0x5e, 0x58, 0x63,
+ 0xd5, 0x86, 0x41, 0x02, 0x41, 0x00, 0xf6, 0x56,
+ 0x69, 0xec, 0xef, 0x65, 0x95, 0xdc, 0x25, 0x47,
+ 0xe0, 0x6f, 0xb0, 0x4f, 0x79, 0x77, 0x0a, 0x5e,
+ 0x46, 0xcb, 0xbd, 0x0b, 0x71, 0x51, 0x2a, 0xa4,
+ 0x65, 0x29, 0x18, 0xc6, 0x30, 0xa0, 0x95, 0x4c,
+ 0x4b, 0xbe, 0x8c, 0x40, 0xe3, 0x9c, 0x23, 0x02,
+ 0x14, 0x43, 0xe9, 0x64, 0xea, 0xe3, 0xa8, 0xe2,
+ 0x1a, 0xd5, 0xf9, 0x5c, 0xe0, 0x36, 0x2c, 0x97,
+ 0xda, 0xd5, 0xc7, 0x46, 0xce, 0x11, 0x02, 0x41,
+ 0x00, 0xef, 0x56, 0x08, 0xb8, 0x29, 0xa5, 0xa6,
+ 0x7c, 0xf7, 0x5f, 0xb4, 0xf5, 0x63, 0xe7, 0xeb,
+ 0x45, 0xfd, 0x89, 0xaa, 0x94, 0xa6, 0x3d, 0x0b,
+ 0xd9, 0x04, 0x6f, 0x78, 0xe0, 0xbb, 0xa2, 0xd4,
+ 0x29, 0x83, 0x17, 0x95, 0x6f, 0x50, 0x3d, 0x40,
+ 0x5d, 0xe5, 0x24, 0xda, 0xc2, 0x23, 0x50, 0x86,
+ 0xa8, 0x34, 0xc8, 0x6f, 0xec, 0x7f, 0xb6, 0x45,
+ 0x3a, 0xdd, 0x78, 0x9b, 0xee, 0xa1, 0xe4, 0x09,
+ 0xa3, 0x02, 0x40, 0x5c, 0xd6, 0x66, 0x67, 0x58,
+ 0x35, 0xc5, 0xcb, 0xc8, 0xf5, 0x14, 0xbd, 0xa3,
+ 0x09, 0xe0, 0xb2, 0x1f, 0x63, 0x36, 0x75, 0x34,
+ 0x52, 0xea, 0xaa, 0xf7, 0x52, 0x2b, 0x99, 0xd8,
+ 0x6f, 0x61, 0x06, 0x34, 0x1e, 0x23, 0xf1, 0xb5,
+ 0x34, 0x03, 0x53, 0xe5, 0xd1, 0xb3, 0xc7, 0x80,
+ 0x5f, 0x7b, 0x32, 0xbf, 0x84, 0x2f, 0x2e, 0xf3,
+ 0x22, 0xb0, 0x91, 0x5a, 0x2f, 0x04, 0xd7, 0x4a,
+ 0x9a, 0x01, 0xb1, 0x02, 0x40, 0x34, 0x0b, 0x26,
+ 0x4c, 0x3d, 0xaa, 0x2a, 0xc0, 0xe3, 0xdd, 0xe8,
+ 0xf0, 0xaf, 0x6f, 0xe0, 0x06, 0x51, 0x32, 0x9d,
+ 0x68, 0x43, 0x99, 0xe4, 0xb8, 0xa5, 0x31, 0x44,
+ 0x3c, 0xc2, 0x30, 0x8f, 0x28, 0x13, 0xbc, 0x8e,
+ 0x1f, 0x2d, 0x78, 0x94, 0x45, 0x96, 0xad, 0x63,
+ 0xf0, 0x71, 0x53, 0x72, 0x64, 0xa3, 0x4d, 0xae,
+ 0xa0, 0xe3, 0xc8, 0x93, 0xd7, 0x50, 0x0f, 0x89,
+ 0x00, 0xe4, 0x2d, 0x3d, 0x37, 0x02, 0x41, 0x00,
+ 0xbe, 0xa6, 0x08, 0xe0, 0xc8, 0x15, 0x2a, 0x47,
+ 0xcb, 0xd5, 0xec, 0x93, 0xd3, 0xaa, 0x12, 0x82,
+ 0xaf, 0xac, 0x51, 0x5a, 0x5b, 0xa7, 0x93, 0x4b,
+ 0xb9, 0xab, 0x00, 0xfa, 0x5a, 0xea, 0x34, 0xe4,
+ 0x80, 0xf1, 0x44, 0x6a, 0x65, 0xe4, 0x33, 0x99,
+ 0xfb, 0x54, 0xd7, 0x89, 0x5a, 0x1b, 0xd6, 0x2b,
+ 0xcc, 0x6e, 0x4b, 0x19, 0xa0, 0x6d, 0x93, 0x9f,
+ 0xc3, 0x91, 0x7a, 0xa5, 0xd8, 0x59, 0x0e, 0x9e,
+};
+
+static const uint8_t rsa2048_priv_key[] = {
+ 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02,
+ 0x82, 0x01, 0x01, 0x00, 0xbd, 0x9c, 0x83, 0x6b,
+ 0x0e, 0x8e, 0xcf, 0xfa, 0xaa, 0x4f, 0x6a, 0xf4,
+ 0xe3, 0x52, 0x0f, 0xa5, 0xd0, 0xbe, 0x5e, 0x7f,
+ 0x08, 0x24, 0xba, 0x87, 0x46, 0xfb, 0x28, 0x93,
+ 0xe5, 0xe5, 0x81, 0x42, 0xc0, 0xf9, 0x17, 0xc7,
+ 0x81, 0x01, 0xf4, 0x18, 0x6a, 0x17, 0xf5, 0x57,
+ 0x20, 0x37, 0xcf, 0xf9, 0x74, 0x5e, 0xe1, 0x48,
+ 0x6a, 0x71, 0x0a, 0x0f, 0x79, 0x72, 0x2b, 0x46,
+ 0x10, 0x53, 0xdc, 0x14, 0x43, 0xbd, 0xbc, 0x6d,
+ 0x15, 0x6f, 0x15, 0x4e, 0xf0, 0x0d, 0x89, 0x39,
+ 0x02, 0xc3, 0x68, 0x5c, 0xa8, 0xfc, 0xed, 0x64,
+ 0x9d, 0x98, 0xb7, 0xcd, 0x83, 0x66, 0x93, 0xc3,
+ 0xd9, 0x57, 0xa0, 0x21, 0x93, 0xad, 0x5c, 0x75,
+ 0x69, 0x88, 0x9e, 0x81, 0xdc, 0x7f, 0x1d, 0xd5,
+ 0xbd, 0x1c, 0xc1, 0x30, 0x56, 0xa5, 0xda, 0x99,
+ 0x46, 0xa6, 0x6d, 0x0e, 0x6f, 0x5e, 0x51, 0x34,
+ 0x49, 0x73, 0xc3, 0x67, 0x49, 0x7e, 0x21, 0x2a,
+ 0x20, 0xa7, 0x2b, 0x92, 0x73, 0x1d, 0xa5, 0x25,
+ 0x2a, 0xd0, 0x3a, 0x89, 0x75, 0xb2, 0xbb, 0x19,
+ 0x37, 0x78, 0x48, 0xd2, 0xf2, 0x2a, 0x6d, 0x9e,
+ 0xc6, 0x26, 0xca, 0x46, 0x8c, 0xf1, 0x42, 0x2a,
+ 0x31, 0xb2, 0xfc, 0xe7, 0x55, 0x51, 0xff, 0x07,
+ 0x13, 0x5b, 0x36, 0x59, 0x2b, 0x43, 0x30, 0x4b,
+ 0x05, 0x5c, 0xd2, 0x45, 0xa0, 0xa0, 0x7c, 0x17,
+ 0x5b, 0x07, 0xbb, 0x5d, 0x83, 0x80, 0x92, 0x6d,
+ 0x87, 0x1a, 0x43, 0xac, 0xc7, 0x6b, 0x8d, 0x11,
+ 0x60, 0x27, 0xd2, 0xdf, 0xdb, 0x71, 0x02, 0x55,
+ 0x6e, 0xb5, 0xca, 0x4d, 0xda, 0x59, 0x0d, 0xb8,
+ 0x8c, 0xcd, 0xd3, 0x0e, 0x55, 0xa0, 0xa4, 0x8d,
+ 0xa0, 0x14, 0x10, 0x48, 0x42, 0x35, 0x56, 0x08,
+ 0xf7, 0x29, 0x5f, 0xa2, 0xea, 0xa4, 0x5e, 0x8e,
+ 0x99, 0x56, 0xaa, 0x5a, 0x8c, 0x23, 0x8f, 0x35,
+ 0x22, 0x8a, 0xff, 0xed, 0x02, 0x03, 0x01, 0x00,
+ 0x01, 0x02, 0x82, 0x01, 0x00, 0x4e, 0x4a, 0xf3,
+ 0x44, 0xe0, 0x64, 0xfd, 0xe1, 0xde, 0x33, 0x1e,
+ 0xd1, 0xf1, 0x8f, 0x6f, 0xe0, 0xa2, 0xfa, 0x08,
+ 0x60, 0xe1, 0xc6, 0xf0, 0xb2, 0x6d, 0x0f, 0xc6,
+ 0x28, 0x93, 0xb4, 0x19, 0x94, 0xab, 0xc3, 0xef,
+ 0x1a, 0xb4, 0xdd, 0x4e, 0xa2, 0x4a, 0x24, 0x8c,
+ 0x6c, 0xa6, 0x64, 0x05, 0x5f, 0x56, 0xba, 0xda,
+ 0xc1, 0x21, 0x1a, 0x7d, 0xf1, 0xf7, 0xce, 0xb9,
+ 0xa9, 0x9b, 0x92, 0x54, 0xfc, 0x95, 0x20, 0x22,
+ 0x4e, 0xd4, 0x9b, 0xe2, 0xab, 0x8e, 0x99, 0xb8,
+ 0x40, 0xaf, 0x30, 0x6a, 0xc6, 0x60, 0x0c, 0xd8,
+ 0x25, 0x44, 0xa1, 0xcb, 0xbb, 0x73, 0x77, 0x86,
+ 0xaa, 0x46, 0xf3, 0x54, 0xae, 0xa8, 0xa0, 0xdb,
+ 0xdd, 0xab, 0x6e, 0xfb, 0x2c, 0x5a, 0x14, 0xaf,
+ 0x08, 0x13, 0xa7, 0x6c, 0xe9, 0xfd, 0xcd, 0x4c,
+ 0x1f, 0x20, 0x3a, 0x16, 0x2b, 0xf0, 0xb6, 0x7c,
+ 0x47, 0x5f, 0xd1, 0x0a, 0x2c, 0xc4, 0xa5, 0x68,
+ 0xd0, 0x43, 0x75, 0x6b, 0x65, 0xaa, 0x32, 0xc6,
+ 0x99, 0x06, 0xcb, 0x8f, 0xe6, 0x8d, 0xce, 0xbf,
+ 0x4d, 0x0d, 0x7b, 0x22, 0x2a, 0x8a, 0xcb, 0x7d,
+ 0x7f, 0x16, 0x48, 0x85, 0xf1, 0x86, 0xcb, 0x54,
+ 0xb9, 0x39, 0xd4, 0xbc, 0xe3, 0x2d, 0x27, 0x59,
+ 0xf6, 0x81, 0x5e, 0x94, 0x45, 0xdf, 0xb9, 0x22,
+ 0xaf, 0x64, 0x0d, 0x14, 0xec, 0x8c, 0xeb, 0x71,
+ 0xac, 0xee, 0x09, 0x4c, 0xbf, 0x34, 0xf9, 0xf4,
+ 0x66, 0x77, 0x36, 0x3b, 0x41, 0x74, 0x01, 0x4f,
+ 0xfc, 0x56, 0x83, 0xba, 0x14, 0xb0, 0x2f, 0xdd,
+ 0x4d, 0xb9, 0x3f, 0xdf, 0x71, 0xbe, 0x7b, 0xba,
+ 0x66, 0xc8, 0xc5, 0x42, 0xc9, 0xba, 0x18, 0x63,
+ 0x45, 0x07, 0x2f, 0x84, 0x3e, 0xc3, 0xfb, 0x47,
+ 0xda, 0xd4, 0x1d, 0x0e, 0x9d, 0x96, 0xc0, 0xea,
+ 0xee, 0x45, 0x2f, 0xe1, 0x62, 0x23, 0xee, 0xef,
+ 0x3d, 0x5e, 0x55, 0xa1, 0x0d, 0x02, 0x81, 0x81,
+ 0x00, 0xeb, 0x76, 0x88, 0xd3, 0xae, 0x3f, 0x1d,
+ 0xf2, 0x49, 0xe0, 0x37, 0x49, 0x83, 0x82, 0x6c,
+ 0xf7, 0xf1, 0x17, 0x30, 0x75, 0x2e, 0x89, 0x06,
+ 0x88, 0x56, 0x32, 0xf6, 0xfa, 0x58, 0xcb, 0x3c,
+ 0x98, 0x67, 0xc3, 0xde, 0x10, 0x82, 0xe5, 0xfa,
+ 0xfa, 0x52, 0x47, 0x8d, 0xd7, 0x00, 0xc6, 0xcb,
+ 0xf7, 0xf6, 0x57, 0x9b, 0x6e, 0x0c, 0xac, 0xe8,
+ 0x3b, 0xd1, 0xde, 0xb5, 0x34, 0xaf, 0x8b, 0x2a,
+ 0xb0, 0x2d, 0x01, 0xeb, 0x7c, 0xa0, 0x42, 0x26,
+ 0xbb, 0x2b, 0x43, 0x0e, 0x1d, 0xe2, 0x4e, 0xc9,
+ 0xc1, 0x0a, 0x67, 0x1d, 0xfc, 0x83, 0x25, 0xce,
+ 0xb2, 0x18, 0xd9, 0x0d, 0x70, 0xf5, 0xa3, 0x5a,
+ 0x9c, 0x99, 0xdd, 0x47, 0xa1, 0x57, 0xe7, 0x20,
+ 0xde, 0xa1, 0x29, 0x8d, 0x96, 0x62, 0xf9, 0x26,
+ 0x95, 0x51, 0xa6, 0xe7, 0x09, 0x8b, 0xba, 0x16,
+ 0x8b, 0x19, 0x5b, 0xf9, 0x27, 0x0d, 0xc5, 0xd6,
+ 0x5f, 0x02, 0x81, 0x81, 0x00, 0xce, 0x26, 0x31,
+ 0xb5, 0x43, 0x53, 0x95, 0x39, 0xdd, 0x01, 0x98,
+ 0x8b, 0x3d, 0x27, 0xeb, 0x0b, 0x87, 0x1c, 0x95,
+ 0xfc, 0x3e, 0x36, 0x51, 0x31, 0xb5, 0xea, 0x59,
+ 0x56, 0xc0, 0x97, 0x62, 0xf0, 0x63, 0x2b, 0xb6,
+ 0x30, 0x9b, 0xdf, 0x19, 0x10, 0xe9, 0xa0, 0x3d,
+ 0xea, 0x54, 0x5a, 0xe6, 0xc6, 0x9e, 0x7e, 0xb5,
+ 0xf0, 0xb0, 0x54, 0xef, 0xc3, 0xe1, 0x47, 0xa6,
+ 0x95, 0xc7, 0xe4, 0xa3, 0x4a, 0x30, 0x68, 0x24,
+ 0x98, 0x7d, 0xc1, 0x34, 0xa9, 0xcb, 0xbc, 0x3c,
+ 0x08, 0x9c, 0x7d, 0x0c, 0xa2, 0xb7, 0x60, 0xaa,
+ 0x38, 0x08, 0x16, 0xa6, 0x7f, 0xdb, 0xd2, 0xb1,
+ 0x67, 0xe7, 0x93, 0x8e, 0xbb, 0x7e, 0xb9, 0xb5,
+ 0xd0, 0xd0, 0x9f, 0x7b, 0xcc, 0x46, 0xe6, 0x74,
+ 0x78, 0x1a, 0x96, 0xd6, 0xd7, 0x74, 0x34, 0x54,
+ 0x3b, 0x54, 0x55, 0x7f, 0x89, 0x81, 0xbc, 0x40,
+ 0x55, 0x87, 0x24, 0x95, 0x33, 0x02, 0x81, 0x81,
+ 0x00, 0xb0, 0x18, 0x5d, 0x2a, 0x1a, 0x95, 0x9f,
+ 0x9a, 0xd5, 0x3f, 0x37, 0x79, 0xe6, 0x3d, 0x83,
+ 0xab, 0x46, 0x86, 0x36, 0x3a, 0x5d, 0x0c, 0x23,
+ 0x73, 0x91, 0x2b, 0xda, 0x63, 0xce, 0x46, 0x68,
+ 0xd1, 0xfe, 0x40, 0x90, 0xf2, 0x3e, 0x43, 0x2b,
+ 0x19, 0x4c, 0xb1, 0xb0, 0xd5, 0x8c, 0x02, 0x21,
+ 0x07, 0x18, 0x17, 0xda, 0xe9, 0x49, 0xd7, 0x82,
+ 0x73, 0x42, 0x78, 0xd1, 0x82, 0x4e, 0x8a, 0xc0,
+ 0xe9, 0x33, 0x2f, 0xcd, 0x62, 0xce, 0x23, 0xca,
+ 0xfd, 0x8d, 0xd4, 0x3f, 0x59, 0x80, 0x27, 0xb6,
+ 0x61, 0x85, 0x9b, 0x2a, 0xe4, 0xef, 0x5c, 0x36,
+ 0x22, 0x21, 0xcd, 0x2a, 0x6d, 0x41, 0x77, 0xe2,
+ 0xcb, 0x5d, 0x93, 0x0d, 0x00, 0x10, 0x52, 0x8d,
+ 0xd5, 0x92, 0x28, 0x16, 0x78, 0xd3, 0x1a, 0x4c,
+ 0x8d, 0xbd, 0x9c, 0x1a, 0x0b, 0x9c, 0x91, 0x16,
+ 0x4c, 0xff, 0x31, 0x36, 0xbb, 0xcb, 0x64, 0x1a,
+ 0xf7, 0x02, 0x81, 0x80, 0x32, 0x65, 0x09, 0xdf,
+ 0xca, 0xee, 0xa2, 0xdb, 0x3b, 0x58, 0xc9, 0x86,
+ 0xb8, 0x53, 0x8a, 0xd5, 0x0d, 0x99, 0x82, 0x5c,
+ 0xe0, 0x84, 0x7c, 0xc2, 0xcf, 0x3a, 0xd3, 0xce,
+ 0x2e, 0x54, 0x93, 0xbe, 0x3a, 0x30, 0x14, 0x60,
+ 0xbb, 0xaa, 0x05, 0x41, 0xaa, 0x2b, 0x1f, 0x17,
+ 0xaa, 0xb9, 0x72, 0x12, 0xf9, 0xe9, 0xf5, 0xe6,
+ 0x39, 0xe4, 0xf9, 0x9c, 0x03, 0xf5, 0x75, 0x16,
+ 0xc6, 0x7f, 0xf1, 0x1f, 0x10, 0xc8, 0x54, 0xb1,
+ 0xe6, 0x84, 0x15, 0xb0, 0xb0, 0x7a, 0x7a, 0x9e,
+ 0x8c, 0x4a, 0xd1, 0x8c, 0xf1, 0x91, 0x32, 0xeb,
+ 0x71, 0xa6, 0xbf, 0xdb, 0x1f, 0xcc, 0xd8, 0xcb,
+ 0x92, 0xc3, 0xf2, 0xaf, 0x89, 0x22, 0x32, 0xfd,
+ 0x32, 0x12, 0xda, 0xbb, 0xac, 0x55, 0x68, 0x01,
+ 0x78, 0x56, 0x89, 0x7c, 0xb0, 0x0e, 0x9e, 0xcc,
+ 0xc6, 0x28, 0x04, 0x7e, 0x83, 0xf5, 0x96, 0x30,
+ 0x92, 0x51, 0xf2, 0x1b, 0x02, 0x81, 0x81, 0x00,
+ 0x83, 0x6d, 0xd1, 0x98, 0x90, 0x41, 0x8c, 0xa7,
+ 0x92, 0x83, 0xac, 0x89, 0x05, 0x0c, 0x79, 0x67,
+ 0x90, 0xb6, 0xa1, 0xf3, 0x2f, 0xca, 0xf0, 0x15,
+ 0xe0, 0x30, 0x58, 0xe9, 0x4f, 0xcb, 0x4c, 0x56,
+ 0x56, 0x56, 0x14, 0x3f, 0x1b, 0x79, 0xb6, 0xef,
+ 0x57, 0x4b, 0x28, 0xbd, 0xb0, 0xe6, 0x0c, 0x49,
+ 0x4b, 0xbe, 0xe1, 0x57, 0x28, 0x2a, 0x23, 0x5e,
+ 0xc4, 0xa2, 0x19, 0x4b, 0x00, 0x67, 0x78, 0xd9,
+ 0x26, 0x6e, 0x17, 0x25, 0xce, 0xe4, 0xfd, 0xde,
+ 0x86, 0xa8, 0x5a, 0x67, 0x47, 0x6b, 0x15, 0x09,
+ 0xe1, 0xec, 0x8e, 0x62, 0x98, 0x91, 0x6f, 0xc0,
+ 0x98, 0x0c, 0x70, 0x0e, 0x7d, 0xbe, 0x63, 0xbd,
+ 0x12, 0x5a, 0x98, 0x1c, 0xe3, 0x0c, 0xfb, 0xc7,
+ 0xfb, 0x1b, 0xbd, 0x02, 0x87, 0xcc, 0x0c, 0xbb,
+ 0xc2, 0xd4, 0xb6, 0xc1, 0xa1, 0x23, 0xd3, 0x1e,
+ 0x21, 0x6f, 0x48, 0xba, 0x0e, 0x2e, 0xc7, 0x42
+};
+
+static const uint8_t rsa4096_priv_key[] = {
+ 0x30, 0x82, 0x09, 0x29, 0x02, 0x01, 0x00, 0x02,
+ 0x82, 0x02, 0x01, 0x00, 0xcc, 0x30, 0xc6, 0x90,
+ 0x49, 0x2b, 0x86, 0xe7, 0x7a, 0xa5, 0x7a, 0x9a,
+ 0x4f, 0xee, 0x0e, 0xa1, 0x5c, 0x43, 0x64, 0xd0,
+ 0x76, 0xe1, 0xfd, 0x0b, 0xfd, 0x43, 0x7a, 0x65,
+ 0xe6, 0x20, 0xbd, 0xf2, 0x0e, 0xbe, 0x76, 0x54,
+ 0xae, 0x37, 0xbe, 0xa0, 0x02, 0x96, 0xae, 0x8d,
+ 0x8a, 0xae, 0x3b, 0x88, 0xbb, 0x67, 0xce, 0x7c,
+ 0x20, 0xbf, 0x14, 0xc3, 0x71, 0x51, 0x87, 0x03,
+ 0x34, 0xaa, 0x3c, 0x09, 0xff, 0xe9, 0xeb, 0xb7,
+ 0x85, 0x5c, 0xbb, 0x8d, 0xce, 0x8e, 0x3f, 0xd1,
+ 0x16, 0x30, 0x00, 0x32, 0x2f, 0x25, 0x8d, 0xef,
+ 0x71, 0xd9, 0xea, 0x6b, 0x45, 0x53, 0x49, 0xc3,
+ 0x09, 0x4f, 0xb0, 0xa8, 0xa5, 0x89, 0x76, 0x59,
+ 0x31, 0xa5, 0xf1, 0x5c, 0x42, 0x54, 0x57, 0x70,
+ 0x57, 0xad, 0xd8, 0xeb, 0x89, 0xa6, 0x87, 0xa2,
+ 0x6c, 0x95, 0x58, 0x8f, 0xb6, 0x82, 0xc7, 0xde,
+ 0xc2, 0x3a, 0xdc, 0x5b, 0xe8, 0x02, 0xcc, 0x26,
+ 0x4b, 0x01, 0xaa, 0xe6, 0xf3, 0x66, 0x4d, 0x90,
+ 0x85, 0xde, 0xf4, 0x5d, 0x80, 0x98, 0xc6, 0x65,
+ 0xcf, 0x44, 0x4c, 0xde, 0xb5, 0x4a, 0xfc, 0xda,
+ 0x0a, 0x0a, 0x10, 0x26, 0xa3, 0xcb, 0x9d, 0xe4,
+ 0x8d, 0xab, 0x2c, 0x04, 0xfd, 0xaa, 0xfc, 0x3b,
+ 0xac, 0x4e, 0x56, 0xb8, 0x4c, 0x9f, 0x22, 0x49,
+ 0xcb, 0x76, 0x45, 0x24, 0x36, 0x2d, 0xbb, 0xe6,
+ 0x7e, 0xa9, 0x93, 0x13, 0x96, 0x1e, 0xfc, 0x4b,
+ 0x75, 0xd4, 0x54, 0xc8, 0x8c, 0x55, 0xe6, 0x3f,
+ 0x09, 0x5a, 0x03, 0x74, 0x7c, 0x8a, 0xc8, 0xe7,
+ 0x49, 0x0b, 0x86, 0x7c, 0x97, 0xa0, 0xf2, 0x0d,
+ 0xf1, 0x5c, 0x0e, 0x7a, 0xc0, 0x3f, 0x78, 0x2d,
+ 0x9b, 0xe2, 0x26, 0xa0, 0x89, 0x49, 0x0c, 0xad,
+ 0x79, 0xa6, 0x82, 0x98, 0xa6, 0xb7, 0x74, 0xb4,
+ 0x45, 0xc8, 0xed, 0xea, 0x81, 0xcd, 0xf0, 0x3b,
+ 0x8e, 0x24, 0xfb, 0x0c, 0xd0, 0x3a, 0x14, 0xb9,
+ 0xb4, 0x3b, 0x69, 0xd9, 0xf2, 0x42, 0x6e, 0x7f,
+ 0x6f, 0x5e, 0xb1, 0x52, 0x5b, 0xaa, 0xef, 0xae,
+ 0x1e, 0x34, 0xca, 0xed, 0x0a, 0x8d, 0x56, 0xd6,
+ 0xdd, 0xd4, 0x2c, 0x54, 0x7a, 0x57, 0xca, 0x7e,
+ 0x4a, 0x11, 0xde, 0x48, 0xdf, 0x2b, 0x09, 0x97,
+ 0x39, 0x24, 0xce, 0x45, 0xe0, 0x75, 0xb1, 0x19,
+ 0x42, 0xdb, 0x63, 0x40, 0x9b, 0xb9, 0x95, 0x96,
+ 0x78, 0x91, 0xd5, 0x19, 0x12, 0xab, 0xef, 0x55,
+ 0x6f, 0x0d, 0x65, 0xc0, 0x8f, 0x62, 0x99, 0x78,
+ 0xc0, 0xe0, 0xe1, 0x33, 0xc7, 0x68, 0xff, 0x29,
+ 0x66, 0x22, 0x3a, 0x6f, 0xa0, 0xf8, 0x5c, 0x68,
+ 0x9b, 0xa9, 0x05, 0xad, 0x6b, 0x1d, 0xae, 0xc1,
+ 0x30, 0xbb, 0xfe, 0xb7, 0x31, 0x85, 0x0d, 0xd1,
+ 0xd5, 0xfc, 0x43, 0x1e, 0xb3, 0x61, 0x6f, 0xc4,
+ 0x75, 0xed, 0x76, 0x9d, 0x13, 0xb3, 0x61, 0x57,
+ 0xc8, 0x33, 0x0d, 0x77, 0x84, 0xf0, 0xc7, 0x62,
+ 0xb9, 0x9e, 0xd5, 0x01, 0xfa, 0x87, 0x4a, 0xf5,
+ 0xd7, 0x4f, 0x5d, 0xae, 0xe7, 0x08, 0xd2, 0x5a,
+ 0x65, 0x30, 0xc9, 0xf0, 0x0a, 0x11, 0xf1, 0x2a,
+ 0xd3, 0x43, 0x43, 0xca, 0x05, 0x90, 0x85, 0xf4,
+ 0xbc, 0x37, 0x49, 0x40, 0x45, 0x35, 0xd3, 0x56,
+ 0x06, 0x4c, 0x63, 0x93, 0x07, 0x14, 0x8b, 0xd3,
+ 0x12, 0xd0, 0xe5, 0x00, 0x48, 0x76, 0xd2, 0xdf,
+ 0x7c, 0xea, 0xc7, 0xff, 0xf0, 0x88, 0xd5, 0xa4,
+ 0x61, 0x7d, 0x79, 0xc2, 0xda, 0x53, 0x24, 0xdc,
+ 0x20, 0xae, 0xe6, 0x08, 0x65, 0xef, 0xc9, 0x0d,
+ 0x7d, 0x66, 0x6d, 0x1b, 0x1c, 0x5d, 0x46, 0xe1,
+ 0x26, 0x8a, 0x29, 0x77, 0x76, 0x19, 0xe5, 0x19,
+ 0x2a, 0x75, 0x21, 0xf1, 0x92, 0x8a, 0x9c, 0x7b,
+ 0xe8, 0x0b, 0x38, 0xc1, 0xbf, 0x76, 0x22, 0x45,
+ 0x4a, 0xd3, 0x43, 0xc3, 0x8c, 0x74, 0xd8, 0xd8,
+ 0xec, 0x3e, 0x14, 0xdf, 0x02, 0x03, 0x01, 0x00,
+ 0x01, 0x02, 0x82, 0x02, 0x01, 0x00, 0x9e, 0x13,
+ 0x64, 0xa5, 0x6e, 0xff, 0xf3, 0x80, 0x60, 0xc2,
+ 0x9b, 0x17, 0xbb, 0xa9, 0x60, 0x4a, 0x2b, 0x53,
+ 0x41, 0x48, 0xe1, 0xc0, 0x32, 0x56, 0x85, 0xcb,
+ 0x27, 0x86, 0x9b, 0x91, 0xdd, 0x7a, 0xf7, 0x4f,
+ 0x1b, 0xec, 0x92, 0xb3, 0x35, 0x30, 0x4a, 0xd0,
+ 0xbc, 0x71, 0x77, 0x5b, 0x4b, 0x5b, 0x9f, 0x39,
+ 0xcd, 0xf0, 0xea, 0xa9, 0x03, 0x3a, 0x0b, 0x10,
+ 0x42, 0xa5, 0x88, 0xb0, 0x01, 0xaa, 0xfc, 0x23,
+ 0xec, 0x08, 0x37, 0x86, 0x82, 0xec, 0x55, 0x6c,
+ 0x6a, 0x9b, 0x43, 0xc2, 0x05, 0x64, 0xd4, 0x7b,
+ 0x0e, 0x56, 0xc0, 0x9d, 0x23, 0x8d, 0xc8, 0x2d,
+ 0xa2, 0x7d, 0x0b, 0x48, 0x56, 0x4b, 0x39, 0x5c,
+ 0x21, 0xf3, 0x0b, 0x2c, 0x9c, 0x9d, 0xff, 0xfb,
+ 0xab, 0x75, 0x9d, 0x6b, 0x48, 0xf3, 0x8f, 0xad,
+ 0x0c, 0x74, 0x01, 0xfb, 0xdc, 0x83, 0xe5, 0x97,
+ 0x79, 0x84, 0x4a, 0x79, 0xa6, 0xfe, 0xbf, 0xae,
+ 0xea, 0xbc, 0xfa, 0x74, 0x60, 0x0a, 0x4b, 0x84,
+ 0x77, 0xa7, 0xda, 0xfb, 0xaf, 0xd2, 0x73, 0x2b,
+ 0xd2, 0xec, 0x1e, 0x79, 0x91, 0xc9, 0x18, 0x30,
+ 0xe5, 0x6f, 0x27, 0x36, 0x83, 0x2a, 0x66, 0xc3,
+ 0xcb, 0x88, 0x94, 0xe4, 0x5f, 0x3f, 0xbd, 0xe2,
+ 0x11, 0x43, 0x61, 0x31, 0x84, 0x91, 0x49, 0x40,
+ 0x29, 0x1b, 0x58, 0x18, 0x47, 0x8e, 0xb1, 0x22,
+ 0xd6, 0xc4, 0xaa, 0x6a, 0x3d, 0x22, 0x7c, 0xa5,
+ 0xa0, 0x4c, 0x0a, 0xfc, 0x46, 0x66, 0xbb, 0xbe,
+ 0x04, 0x71, 0xe8, 0x9b, 0x76, 0xf1, 0x47, 0x39,
+ 0x6a, 0x2f, 0x23, 0xad, 0x78, 0x80, 0x1c, 0x22,
+ 0xcd, 0x41, 0x5e, 0x09, 0x16, 0x6c, 0x91, 0x48,
+ 0x91, 0x91, 0x3d, 0x8c, 0xe6, 0xba, 0x81, 0x8d,
+ 0xbb, 0xf2, 0xd0, 0xaa, 0xc7, 0x8f, 0xc6, 0x01,
+ 0x60, 0xa7, 0xef, 0x1e, 0x8e, 0x91, 0x6d, 0xcc,
+ 0x30, 0x9e, 0xea, 0x7c, 0x56, 0x9d, 0x42, 0xcf,
+ 0x44, 0x85, 0x52, 0xa8, 0xf2, 0x36, 0x9c, 0x46,
+ 0xfa, 0x9d, 0xd3, 0x4e, 0x13, 0x46, 0x81, 0xce,
+ 0x99, 0xc9, 0x58, 0x47, 0xe4, 0xeb, 0x27, 0x56,
+ 0x29, 0x61, 0x0f, 0xb5, 0xcb, 0xf3, 0x48, 0x58,
+ 0x8f, 0xbc, 0xaf, 0x0a, 0xbf, 0x40, 0xd1, 0xf6,
+ 0x4f, 0xd2, 0x89, 0x4a, 0xff, 0x6f, 0x54, 0x70,
+ 0x49, 0x42, 0xf6, 0xf8, 0x0e, 0x4f, 0xa5, 0xf6,
+ 0x8b, 0x49, 0x80, 0xd4, 0xf5, 0x03, 0xf8, 0x65,
+ 0xe7, 0x1f, 0x0a, 0xc0, 0x8f, 0xd3, 0x7a, 0x70,
+ 0xca, 0x67, 0xaf, 0x71, 0xfd, 0x4b, 0xe1, 0x17,
+ 0x76, 0x74, 0x2e, 0x12, 0x7b, 0xad, 0x4b, 0xbb,
+ 0xd2, 0x64, 0xd0, 0xa9, 0xf9, 0x79, 0xa9, 0xa6,
+ 0x03, 0xd2, 0xc2, 0x8f, 0x47, 0x59, 0x1b, 0x7c,
+ 0xe3, 0xce, 0x92, 0xb2, 0xac, 0x3e, 0xee, 0x12,
+ 0x43, 0x5f, 0x23, 0xec, 0xf1, 0xd3, 0xf2, 0x21,
+ 0x22, 0xe8, 0x7e, 0x7f, 0xa4, 0x93, 0x8e, 0x78,
+ 0x69, 0x69, 0xa0, 0xc9, 0xce, 0x86, 0x36, 0x13,
+ 0x10, 0x21, 0xc4, 0x7a, 0x52, 0xcf, 0x53, 0xd9,
+ 0x9b, 0x58, 0xe6, 0x2d, 0xeb, 0x60, 0xe3, 0x75,
+ 0x1a, 0x22, 0xf6, 0x3c, 0x54, 0x6b, 0xfa, 0xa1,
+ 0x5d, 0xf6, 0x38, 0xf0, 0xd4, 0x26, 0x2d, 0x7d,
+ 0x74, 0x99, 0x6a, 0x13, 0x8a, 0x07, 0x9f, 0x07,
+ 0xc5, 0xf4, 0xa8, 0x20, 0x11, 0xa9, 0x76, 0x11,
+ 0xe4, 0x48, 0xae, 0xa4, 0x8a, 0xa1, 0xbf, 0x1f,
+ 0xba, 0x37, 0x50, 0x53, 0x43, 0x91, 0x45, 0x88,
+ 0x03, 0x52, 0xba, 0xac, 0xc8, 0xe3, 0xe1, 0xba,
+ 0x63, 0x24, 0x72, 0xbe, 0x1d, 0x01, 0x1f, 0x6c,
+ 0x34, 0x10, 0xb8, 0x56, 0x4a, 0x67, 0x28, 0x4b,
+ 0x7a, 0x2b, 0x31, 0x29, 0x47, 0xda, 0xdf, 0x53,
+ 0x88, 0x79, 0x22, 0x31, 0x15, 0x56, 0xe3, 0xa0,
+ 0x79, 0x75, 0x94, 0x90, 0xb2, 0xe8, 0x4b, 0xca,
+ 0x82, 0x6d, 0x3c, 0x69, 0x43, 0x01, 0x02, 0x82,
+ 0x01, 0x01, 0x00, 0xe7, 0x8b, 0xd6, 0x1a, 0xe8,
+ 0x00, 0xed, 0x9d, 0x7c, 0x5a, 0x32, 0x10, 0xc1,
+ 0x53, 0x50, 0xbe, 0x27, 0x1d, 0xef, 0x69, 0x73,
+ 0xa2, 0x8f, 0x95, 0x96, 0x86, 0xfe, 0xfb, 0x82,
+ 0xdb, 0xea, 0x7d, 0x73, 0x5a, 0x2b, 0xe7, 0x4b,
+ 0xd5, 0x8f, 0x4f, 0xaf, 0x85, 0x1d, 0x15, 0x1a,
+ 0x58, 0x5f, 0x41, 0x79, 0x70, 0x5c, 0x8f, 0xa9,
+ 0x8e, 0x23, 0x31, 0xa7, 0x6d, 0x99, 0x0c, 0xf0,
+ 0x51, 0xbf, 0xbb, 0xd3, 0xe3, 0xa3, 0x34, 0xf0,
+ 0x1d, 0x7f, 0x4a, 0xb7, 0x8f, 0xf6, 0x0a, 0x49,
+ 0x65, 0xaf, 0x35, 0x7b, 0x02, 0x2e, 0x69, 0x49,
+ 0x95, 0xb5, 0x20, 0x70, 0xb2, 0x98, 0x54, 0x9b,
+ 0x8e, 0x4f, 0x48, 0xa8, 0xfa, 0x7e, 0xc7, 0x0a,
+ 0xae, 0x84, 0xe1, 0xba, 0x85, 0x98, 0x96, 0x8a,
+ 0x7c, 0xdd, 0xcc, 0xcd, 0xd8, 0x5b, 0x50, 0x60,
+ 0x88, 0x2d, 0xb6, 0x3e, 0xb8, 0xc2, 0xae, 0xa5,
+ 0x62, 0x10, 0xcd, 0xdc, 0xae, 0x86, 0xfe, 0x31,
+ 0x8b, 0xf7, 0xee, 0x1a, 0x35, 0x46, 0x83, 0xee,
+ 0x5f, 0x55, 0x9a, 0xc2, 0xca, 0x53, 0xb7, 0x2c,
+ 0xbf, 0x03, 0x8a, 0x78, 0xcc, 0x1d, 0x96, 0x7b,
+ 0xac, 0x00, 0x62, 0x1e, 0xbd, 0x6f, 0x0b, 0xa5,
+ 0xec, 0xf3, 0x02, 0x47, 0x47, 0x1e, 0x3d, 0xf6,
+ 0x78, 0x42, 0xe4, 0xcd, 0xf8, 0x14, 0xa3, 0x7d,
+ 0xd5, 0x2f, 0x6e, 0xcc, 0x1a, 0x9e, 0xe7, 0xcf,
+ 0x48, 0xb9, 0x80, 0xb8, 0xba, 0xaa, 0x7b, 0xae,
+ 0x65, 0x74, 0x09, 0x7b, 0x43, 0x26, 0x31, 0xa2,
+ 0x95, 0x43, 0x69, 0xd0, 0xb7, 0x95, 0xe4, 0x76,
+ 0x2c, 0x42, 0x19, 0x47, 0x4f, 0x63, 0x35, 0x9c,
+ 0xa2, 0x1a, 0xce, 0x28, 0xdf, 0x76, 0x98, 0x1d,
+ 0xd4, 0x2e, 0xf6, 0x3a, 0xc8, 0x3e, 0xc7, 0xaf,
+ 0xf7, 0x38, 0x3f, 0x83, 0x3a, 0xcb, 0xae, 0x41,
+ 0x75, 0x46, 0x63, 0xaa, 0x45, 0xb1, 0x2c, 0xd9,
+ 0x9f, 0x17, 0x37, 0x02, 0x82, 0x01, 0x01, 0x00,
+ 0xe1, 0xc1, 0x57, 0x4d, 0x0f, 0xa5, 0xea, 0x1d,
+ 0x39, 0x9c, 0xe0, 0xf0, 0x6d, 0x13, 0x7f, 0x79,
+ 0xdc, 0x72, 0x61, 0xc0, 0x7f, 0x88, 0xf6, 0x38,
+ 0x4f, 0x49, 0x06, 0x1e, 0xb8, 0x6c, 0x21, 0x04,
+ 0x60, 0x76, 0x5a, 0x6d, 0x04, 0xd1, 0x6d, 0xac,
+ 0x7c, 0x25, 0x4f, 0x32, 0xcb, 0xbc, 0xf8, 0x4a,
+ 0x22, 0x8f, 0xf5, 0x41, 0xfd, 0x1c, 0x76, 0x30,
+ 0xc2, 0x5f, 0x99, 0x13, 0x5c, 0x57, 0x0f, 0xfd,
+ 0xac, 0x0b, 0x10, 0x9a, 0x4f, 0x78, 0x0a, 0x86,
+ 0xe8, 0x07, 0x40, 0x40, 0x13, 0xba, 0x96, 0x07,
+ 0xd5, 0x39, 0x91, 0x51, 0x3e, 0x80, 0xd8, 0xa0,
+ 0x1f, 0xff, 0xdc, 0x9e, 0x09, 0x3b, 0xae, 0x38,
+ 0xa9, 0xc2, 0x14, 0x7b, 0xee, 0xd2, 0x69, 0x3d,
+ 0xd6, 0x26, 0x74, 0x72, 0x7b, 0x86, 0xd4, 0x13,
+ 0x5b, 0xb8, 0x76, 0x4b, 0x08, 0xfb, 0x93, 0xfa,
+ 0x44, 0xaf, 0x98, 0x3b, 0xfa, 0xd0, 0x2a, 0x04,
+ 0x8b, 0xb3, 0x3c, 0x6d, 0x32, 0xf7, 0x18, 0x6a,
+ 0x51, 0x0e, 0x40, 0x90, 0xce, 0x8e, 0xdf, 0xe8,
+ 0x07, 0x4c, 0x0f, 0xc7, 0xc8, 0xc2, 0x18, 0x58,
+ 0x6a, 0x01, 0xc8, 0x27, 0xd6, 0x43, 0x2a, 0xfb,
+ 0xa5, 0x34, 0x01, 0x3c, 0x72, 0xb1, 0x48, 0xce,
+ 0x2b, 0x9b, 0xb4, 0x69, 0xd9, 0x82, 0xf8, 0xbe,
+ 0x29, 0x88, 0x75, 0x96, 0xd8, 0xef, 0x78, 0x2a,
+ 0x07, 0x90, 0xa0, 0x56, 0x33, 0x42, 0x05, 0x19,
+ 0xb0, 0x69, 0x34, 0xf9, 0x03, 0xc5, 0xa8, 0x0d,
+ 0x72, 0xa2, 0x27, 0xb4, 0x45, 0x6d, 0xd2, 0x01,
+ 0x6c, 0xf1, 0x74, 0x51, 0x0a, 0x9a, 0xe2, 0xc1,
+ 0x96, 0x80, 0x30, 0x0e, 0xc6, 0xa9, 0x79, 0xf7,
+ 0x6f, 0xaf, 0xf6, 0xe8, 0x2a, 0xcc, 0xbd, 0xad,
+ 0x8f, 0xe0, 0x32, 0x87, 0x85, 0x49, 0x68, 0x88,
+ 0x15, 0x5c, 0xdb, 0x48, 0x40, 0xa2, 0xfa, 0x42,
+ 0xe8, 0x4e, 0x3e, 0xe2, 0x3f, 0xe0, 0xf3, 0x99,
+ 0x02, 0x82, 0x01, 0x00, 0x08, 0x39, 0x97, 0x69,
+ 0x6d, 0x44, 0x5b, 0x2c, 0x74, 0xf6, 0x5f, 0x40,
+ 0xe9, 0x1d, 0x24, 0x89, 0x1c, 0xaa, 0x9b, 0x8e,
+ 0x8b, 0x65, 0x02, 0xe4, 0xb5, 0x6c, 0x26, 0x32,
+ 0x98, 0xfb, 0x66, 0xe0, 0xfd, 0xef, 0xfe, 0x0f,
+ 0x41, 0x4a, 0x5c, 0xc4, 0xdf, 0xdf, 0x42, 0xa1,
+ 0x35, 0x46, 0x5e, 0x5b, 0xdd, 0x0c, 0x78, 0xbd,
+ 0x41, 0xb0, 0xa2, 0xdf, 0x68, 0xab, 0x23, 0xfc,
+ 0xa9, 0xac, 0xbd, 0xba, 0xd6, 0x54, 0x07, 0xc0,
+ 0x21, 0xa7, 0x6a, 0x96, 0x24, 0xdf, 0x20, 0x46,
+ 0x4d, 0x45, 0x27, 0x6c, 0x26, 0xea, 0x74, 0xeb,
+ 0x98, 0x89, 0x90, 0xdd, 0x8e, 0x23, 0x49, 0xf5,
+ 0xf7, 0x70, 0x9e, 0xb0, 0x5e, 0x10, 0x47, 0xe0,
+ 0x9a, 0x28, 0x88, 0xdf, 0xdb, 0xd8, 0x53, 0x0b,
+ 0x45, 0xf0, 0x19, 0x90, 0xe4, 0xdf, 0x02, 0x9f,
+ 0x60, 0x4e, 0x76, 0x11, 0x3b, 0x39, 0x24, 0xf1,
+ 0x3f, 0x3e, 0xb4, 0x8a, 0x1b, 0x84, 0xb7, 0x96,
+ 0xdf, 0xfb, 0xb0, 0xda, 0xec, 0x63, 0x68, 0x15,
+ 0xd7, 0xa9, 0xdb, 0x48, 0x9c, 0x12, 0xc3, 0xd6,
+ 0x85, 0xe8, 0x63, 0x1f, 0xd0, 0x1a, 0xb0, 0x12,
+ 0x60, 0x62, 0x43, 0xc1, 0x38, 0x86, 0x52, 0x23,
+ 0x7f, 0xc9, 0x62, 0xf8, 0x79, 0xbf, 0xb4, 0xfb,
+ 0x4e, 0x7e, 0x07, 0x22, 0x49, 0x8e, 0xbe, 0x6c,
+ 0xf0, 0x53, 0x5a, 0x53, 0xfd, 0x3c, 0x14, 0xd8,
+ 0xf7, 0x2c, 0x06, 0x2a, 0xe4, 0x64, 0xfd, 0x19,
+ 0x57, 0xa0, 0x92, 0xf6, 0xa3, 0x42, 0x47, 0x61,
+ 0x0b, 0xfd, 0x71, 0x5f, 0x98, 0xe2, 0x6c, 0x98,
+ 0xa8, 0xf9, 0xf9, 0x7f, 0x1c, 0x61, 0x5d, 0x8c,
+ 0xd1, 0xfb, 0x90, 0x28, 0x32, 0x9b, 0x7d, 0x82,
+ 0xf9, 0xcc, 0x47, 0xbe, 0xc7, 0x67, 0xc5, 0x93,
+ 0x22, 0x55, 0x0d, 0xd2, 0x73, 0xbe, 0xea, 0xed,
+ 0x4d, 0xb5, 0xf4, 0xc2, 0x25, 0x92, 0x44, 0x30,
+ 0xeb, 0xaa, 0x13, 0x11, 0x02, 0x82, 0x01, 0x01,
+ 0x00, 0x82, 0x42, 0x02, 0x53, 0x4e, 0x72, 0x16,
+ 0xf1, 0x21, 0xea, 0xe8, 0xc7, 0x10, 0xc8, 0xad,
+ 0x46, 0xec, 0xf1, 0x7a, 0x81, 0x8d, 0x94, 0xc3,
+ 0x2c, 0x9e, 0x62, 0xae, 0x0b, 0x4f, 0xb1, 0xe4,
+ 0x23, 0x18, 0x5d, 0x71, 0xb3, 0x71, 0x92, 0x3d,
+ 0x4b, 0xc6, 0x9d, 0xe8, 0x62, 0x90, 0xb7, 0xca,
+ 0x33, 0x4c, 0x59, 0xef, 0xd3, 0x51, 0x6d, 0xf8,
+ 0xac, 0x0d, 0x9b, 0x07, 0x41, 0xea, 0x87, 0xb9,
+ 0x8c, 0x4e, 0x96, 0x5b, 0xd0, 0x0d, 0x86, 0x5f,
+ 0xdc, 0x93, 0x48, 0x8b, 0xc3, 0xed, 0x1e, 0x3d,
+ 0xae, 0xeb, 0x52, 0xba, 0x0c, 0x3c, 0x9a, 0x2f,
+ 0x63, 0xc4, 0xd2, 0xe6, 0xc2, 0xb0, 0xe5, 0x24,
+ 0x93, 0x41, 0x2f, 0xe0, 0x8d, 0xd9, 0xb0, 0xc2,
+ 0x54, 0x91, 0x99, 0xc2, 0x9a, 0xc3, 0xb7, 0x79,
+ 0xea, 0x69, 0x83, 0xb7, 0x8d, 0x77, 0xf3, 0x60,
+ 0xe0, 0x88, 0x7d, 0x20, 0xc3, 0x8a, 0xe6, 0x4d,
+ 0x38, 0x2e, 0x3b, 0x0e, 0xe4, 0x9b, 0x01, 0x83,
+ 0xae, 0xe4, 0x71, 0xea, 0xc3, 0x22, 0xcb, 0xc1,
+ 0x59, 0xa9, 0xcc, 0x33, 0x56, 0xbc, 0xf9, 0x70,
+ 0xfe, 0xa2, 0xbb, 0xc0, 0x77, 0x6b, 0xe3, 0x79,
+ 0x8b, 0x95, 0x38, 0xba, 0x75, 0xdc, 0x5f, 0x7a,
+ 0x78, 0xab, 0x24, 0xbe, 0x26, 0x4d, 0x00, 0x8a,
+ 0xf1, 0x7e, 0x19, 0x64, 0x6f, 0xd3, 0x5f, 0xe8,
+ 0xdf, 0xa7, 0x59, 0xc5, 0x89, 0xb7, 0x2d, 0xa2,
+ 0xaf, 0xbd, 0xe0, 0x16, 0x56, 0x8f, 0xdc, 0x9e,
+ 0x28, 0x94, 0x3a, 0x07, 0xda, 0xb6, 0x2c, 0xb5,
+ 0x7d, 0x69, 0x14, 0xb0, 0x5e, 0x8a, 0x55, 0xef,
+ 0xfc, 0x6f, 0x10, 0x2b, 0xaa, 0x7a, 0xea, 0x12,
+ 0x9b, 0xb8, 0x6f, 0xb9, 0x71, 0x20, 0x30, 0xde,
+ 0x48, 0xa4, 0xb9, 0x61, 0xae, 0x5c, 0x33, 0x8d,
+ 0x02, 0xe8, 0x00, 0x99, 0xed, 0xc8, 0x8d, 0xc1,
+ 0x04, 0x95, 0xf1, 0x7f, 0xcb, 0x1f, 0xbc, 0x76,
+ 0x11, 0x02, 0x82, 0x01, 0x00, 0x2d, 0x0c, 0xa9,
+ 0x8f, 0x11, 0xc2, 0xf3, 0x02, 0xc8, 0xf2, 0x55,
+ 0xc5, 0x6d, 0x25, 0x88, 0xba, 0x59, 0xf6, 0xd1,
+ 0xdb, 0x94, 0x2f, 0x0b, 0x65, 0x2c, 0xad, 0x54,
+ 0xe0, 0x2b, 0xe6, 0xa3, 0x49, 0xa2, 0xb3, 0xca,
+ 0xd7, 0xec, 0x27, 0x32, 0xbb, 0xa4, 0x16, 0x90,
+ 0xbb, 0x67, 0xad, 0x1b, 0xb9, 0x0f, 0x78, 0xcb,
+ 0xad, 0x5c, 0xc3, 0x66, 0xd6, 0xbb, 0x97, 0x28,
+ 0x01, 0x31, 0xf9, 0x0f, 0x71, 0x2a, 0xb9, 0x5b,
+ 0xea, 0x34, 0x49, 0x9c, 0x6b, 0x13, 0x40, 0x65,
+ 0xbd, 0x18, 0x0a, 0x14, 0xf9, 0x33, 0x47, 0xe8,
+ 0x9f, 0x64, 0x0e, 0x24, 0xf6, 0xbb, 0x90, 0x23,
+ 0x66, 0x01, 0xa6, 0xa4, 0xa9, 0x7f, 0x64, 0x51,
+ 0xa3, 0x8a, 0x73, 0xc1, 0x80, 0xaf, 0x7a, 0x49,
+ 0x75, 0x5d, 0x56, 0x1c, 0xaa, 0x3f, 0x64, 0xa9,
+ 0x96, 0xfd, 0xb0, 0x90, 0xc5, 0xe0, 0x3d, 0x36,
+ 0x05, 0xad, 0xad, 0x84, 0x93, 0x84, 0xab, 0x1b,
+ 0x34, 0x57, 0x39, 0xae, 0x0e, 0x80, 0x0f, 0x4a,
+ 0x9b, 0x32, 0x56, 0xbd, 0x30, 0xeb, 0xd1, 0xc8,
+ 0xc4, 0x9f, 0x9c, 0x07, 0xb6, 0x05, 0xb1, 0x21,
+ 0x7f, 0x69, 0x92, 0x9f, 0xb7, 0x68, 0xe7, 0xde,
+ 0xb7, 0xbc, 0xb4, 0x89, 0x5b, 0x1c, 0x1b, 0x48,
+ 0xd1, 0x44, 0x6e, 0xd7, 0x6b, 0xe2, 0xa1, 0xf4,
+ 0xbf, 0x17, 0xb4, 0x43, 0x70, 0x26, 0xd4, 0xb9,
+ 0xf5, 0x19, 0x09, 0x08, 0xe9, 0xa3, 0x49, 0x7d,
+ 0x2f, 0xdc, 0xe8, 0x75, 0x79, 0xa1, 0xc1, 0x70,
+ 0x1b, 0x60, 0x97, 0xaf, 0x0c, 0x56, 0x68, 0xac,
+ 0x0e, 0x53, 0xbe, 0x56, 0xf4, 0xc3, 0xb1, 0xfb,
+ 0xfb, 0xff, 0x73, 0x5b, 0xa7, 0xf6, 0x99, 0x0e,
+ 0x14, 0x5a, 0x5f, 0x9d, 0xbd, 0x8e, 0x94, 0xec,
+ 0x8b, 0x38, 0x72, 0xbc, 0x8b, 0xca, 0x32, 0xa8,
+ 0x39, 0x43, 0xb1, 0x1d, 0x43, 0x29, 0xbe, 0x60,
+ 0xdb, 0x91, 0x6c, 0x9c, 0x06,
+};
diff --git a/tests/unit/meson.build b/tests/unit/meson.build
index 5a7993e56c..287b367ec3 100644
--- a/tests/unit/meson.build
+++ b/tests/unit/meson.build
@@ -77,6 +77,7 @@ if have_block
'test-crypto-hash': [crypto],
'test-crypto-hmac': [crypto],
'test-crypto-cipher': [crypto],
+ 'test-crypto-akcipher': [crypto],
'test-crypto-secret': [crypto, keyutils],
'test-crypto-der': [crypto],
'test-authz-simple': [authz],
diff --git a/tests/unit/test-crypto-akcipher.c b/tests/unit/test-crypto-akcipher.c
new file mode 100644
index 0000000000..b5be563884
--- /dev/null
+++ b/tests/unit/test-crypto-akcipher.c
@@ -0,0 +1,711 @@
+/*
+ * QEMU Crypto cipher algorithms
+ *
+ * Copyright (c) 2022 Bytedance
+ * Author: lei he <helei.sig11@bytedance.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "qemu/osdep.h"
+
+#include "crypto/init.h"
+#include "crypto/akcipher.h"
+#include "qapi/error.h"
+
+static const uint8_t rsa1024_private_key[] = {
+ 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02,
+ 0x81, 0x81, 0x00, 0xe6, 0x4d, 0x76, 0x4f, 0xb2,
+ 0x97, 0x09, 0xad, 0x9d, 0x17, 0x33, 0xf2, 0x30,
+ 0x42, 0x83, 0xa9, 0xcb, 0x49, 0xa4, 0x2e, 0x59,
+ 0x5e, 0x75, 0x51, 0xd1, 0xac, 0xc8, 0x86, 0x3e,
+ 0xdb, 0x72, 0x2e, 0xb2, 0xf7, 0xc3, 0x5b, 0xc7,
+ 0xea, 0xed, 0x30, 0xd1, 0xf7, 0x37, 0xee, 0x9d,
+ 0x36, 0x59, 0x6f, 0xf8, 0xce, 0xc0, 0x5c, 0x82,
+ 0x80, 0x37, 0x83, 0xd7, 0x45, 0x6a, 0xe9, 0xea,
+ 0xc5, 0x3a, 0x59, 0x6b, 0x34, 0x31, 0x44, 0x00,
+ 0x74, 0xa7, 0x29, 0xab, 0x79, 0x4a, 0xbd, 0xe8,
+ 0x25, 0x35, 0x01, 0x11, 0x40, 0xbf, 0x31, 0xbd,
+ 0xd3, 0xe0, 0x68, 0x1e, 0xd5, 0x5b, 0x2f, 0xe9,
+ 0x20, 0xf2, 0x9f, 0x46, 0x35, 0x30, 0xa8, 0xf1,
+ 0xfe, 0xef, 0xd8, 0x76, 0x23, 0x46, 0x34, 0x70,
+ 0xa1, 0xce, 0xc6, 0x65, 0x6d, 0xb0, 0x94, 0x7e,
+ 0xe5, 0x92, 0x45, 0x7b, 0xaa, 0xbb, 0x95, 0x97,
+ 0x77, 0xcd, 0xd3, 0x02, 0x03, 0x01, 0x00, 0x01,
+ 0x02, 0x81, 0x80, 0x30, 0x6a, 0xc4, 0x9e, 0xc8,
+ 0xba, 0xfc, 0x2b, 0xe5, 0xc4, 0xc5, 0x04, 0xfb,
+ 0xa4, 0x60, 0x2d, 0xc8, 0x31, 0x39, 0x35, 0x0d,
+ 0x50, 0xd0, 0x75, 0x5d, 0x11, 0x68, 0x2e, 0xe0,
+ 0xf4, 0x1d, 0xb3, 0x37, 0xa8, 0xe3, 0x07, 0x5e,
+ 0xa6, 0x43, 0x2b, 0x6a, 0x59, 0x01, 0x07, 0x47,
+ 0x41, 0xef, 0xd7, 0x9c, 0x85, 0x4a, 0xe7, 0xa7,
+ 0xff, 0xf0, 0xab, 0xe5, 0x0c, 0x11, 0x08, 0x10,
+ 0x75, 0x5a, 0x68, 0xa0, 0x08, 0x03, 0xc9, 0x40,
+ 0x79, 0x67, 0x1d, 0x65, 0x89, 0x2d, 0x08, 0xf9,
+ 0xb5, 0x1b, 0x7d, 0xd2, 0x41, 0x3b, 0x33, 0xf2,
+ 0x47, 0x2f, 0x9c, 0x0b, 0xd5, 0xaf, 0xcb, 0xdb,
+ 0xbb, 0x37, 0x63, 0x03, 0xf8, 0xe7, 0x2e, 0xc7,
+ 0x3c, 0x86, 0x9f, 0xc2, 0x9b, 0xb4, 0x70, 0x6a,
+ 0x4d, 0x7c, 0xe4, 0x1b, 0x3a, 0xa9, 0xae, 0xd7,
+ 0xce, 0x7f, 0x56, 0xc2, 0x73, 0x5e, 0x58, 0x63,
+ 0xd5, 0x86, 0x41, 0x02, 0x41, 0x00, 0xf6, 0x56,
+ 0x69, 0xec, 0xef, 0x65, 0x95, 0xdc, 0x25, 0x47,
+ 0xe0, 0x6f, 0xb0, 0x4f, 0x79, 0x77, 0x0a, 0x5e,
+ 0x46, 0xcb, 0xbd, 0x0b, 0x71, 0x51, 0x2a, 0xa4,
+ 0x65, 0x29, 0x18, 0xc6, 0x30, 0xa0, 0x95, 0x4c,
+ 0x4b, 0xbe, 0x8c, 0x40, 0xe3, 0x9c, 0x23, 0x02,
+ 0x14, 0x43, 0xe9, 0x64, 0xea, 0xe3, 0xa8, 0xe2,
+ 0x1a, 0xd5, 0xf9, 0x5c, 0xe0, 0x36, 0x2c, 0x97,
+ 0xda, 0xd5, 0xc7, 0x46, 0xce, 0x11, 0x02, 0x41,
+ 0x00, 0xef, 0x56, 0x08, 0xb8, 0x29, 0xa5, 0xa6,
+ 0x7c, 0xf7, 0x5f, 0xb4, 0xf5, 0x63, 0xe7, 0xeb,
+ 0x45, 0xfd, 0x89, 0xaa, 0x94, 0xa6, 0x3d, 0x0b,
+ 0xd9, 0x04, 0x6f, 0x78, 0xe0, 0xbb, 0xa2, 0xd4,
+ 0x29, 0x83, 0x17, 0x95, 0x6f, 0x50, 0x3d, 0x40,
+ 0x5d, 0xe5, 0x24, 0xda, 0xc2, 0x23, 0x50, 0x86,
+ 0xa8, 0x34, 0xc8, 0x6f, 0xec, 0x7f, 0xb6, 0x45,
+ 0x3a, 0xdd, 0x78, 0x9b, 0xee, 0xa1, 0xe4, 0x09,
+ 0xa3, 0x02, 0x40, 0x5c, 0xd6, 0x66, 0x67, 0x58,
+ 0x35, 0xc5, 0xcb, 0xc8, 0xf5, 0x14, 0xbd, 0xa3,
+ 0x09, 0xe0, 0xb2, 0x1f, 0x63, 0x36, 0x75, 0x34,
+ 0x52, 0xea, 0xaa, 0xf7, 0x52, 0x2b, 0x99, 0xd8,
+ 0x6f, 0x61, 0x06, 0x34, 0x1e, 0x23, 0xf1, 0xb5,
+ 0x34, 0x03, 0x53, 0xe5, 0xd1, 0xb3, 0xc7, 0x80,
+ 0x5f, 0x7b, 0x32, 0xbf, 0x84, 0x2f, 0x2e, 0xf3,
+ 0x22, 0xb0, 0x91, 0x5a, 0x2f, 0x04, 0xd7, 0x4a,
+ 0x9a, 0x01, 0xb1, 0x02, 0x40, 0x34, 0x0b, 0x26,
+ 0x4c, 0x3d, 0xaa, 0x2a, 0xc0, 0xe3, 0xdd, 0xe8,
+ 0xf0, 0xaf, 0x6f, 0xe0, 0x06, 0x51, 0x32, 0x9d,
+ 0x68, 0x43, 0x99, 0xe4, 0xb8, 0xa5, 0x31, 0x44,
+ 0x3c, 0xc2, 0x30, 0x8f, 0x28, 0x13, 0xbc, 0x8e,
+ 0x1f, 0x2d, 0x78, 0x94, 0x45, 0x96, 0xad, 0x63,
+ 0xf0, 0x71, 0x53, 0x72, 0x64, 0xa3, 0x4d, 0xae,
+ 0xa0, 0xe3, 0xc8, 0x93, 0xd7, 0x50, 0x0f, 0x89,
+ 0x00, 0xe4, 0x2d, 0x3d, 0x37, 0x02, 0x41, 0x00,
+ 0xbe, 0xa6, 0x08, 0xe0, 0xc8, 0x15, 0x2a, 0x47,
+ 0xcb, 0xd5, 0xec, 0x93, 0xd3, 0xaa, 0x12, 0x82,
+ 0xaf, 0xac, 0x51, 0x5a, 0x5b, 0xa7, 0x93, 0x4b,
+ 0xb9, 0xab, 0x00, 0xfa, 0x5a, 0xea, 0x34, 0xe4,
+ 0x80, 0xf1, 0x44, 0x6a, 0x65, 0xe4, 0x33, 0x99,
+ 0xfb, 0x54, 0xd7, 0x89, 0x5a, 0x1b, 0xd6, 0x2b,
+ 0xcc, 0x6e, 0x4b, 0x19, 0xa0, 0x6d, 0x93, 0x9f,
+ 0xc3, 0x91, 0x7a, 0xa5, 0xd8, 0x59, 0x0e, 0x9e,
+};
+
+static const uint8_t rsa1024_public_key[] = {
+ 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xe6,
+ 0x4d, 0x76, 0x4f, 0xb2, 0x97, 0x09, 0xad, 0x9d,
+ 0x17, 0x33, 0xf2, 0x30, 0x42, 0x83, 0xa9, 0xcb,
+ 0x49, 0xa4, 0x2e, 0x59, 0x5e, 0x75, 0x51, 0xd1,
+ 0xac, 0xc8, 0x86, 0x3e, 0xdb, 0x72, 0x2e, 0xb2,
+ 0xf7, 0xc3, 0x5b, 0xc7, 0xea, 0xed, 0x30, 0xd1,
+ 0xf7, 0x37, 0xee, 0x9d, 0x36, 0x59, 0x6f, 0xf8,
+ 0xce, 0xc0, 0x5c, 0x82, 0x80, 0x37, 0x83, 0xd7,
+ 0x45, 0x6a, 0xe9, 0xea, 0xc5, 0x3a, 0x59, 0x6b,
+ 0x34, 0x31, 0x44, 0x00, 0x74, 0xa7, 0x29, 0xab,
+ 0x79, 0x4a, 0xbd, 0xe8, 0x25, 0x35, 0x01, 0x11,
+ 0x40, 0xbf, 0x31, 0xbd, 0xd3, 0xe0, 0x68, 0x1e,
+ 0xd5, 0x5b, 0x2f, 0xe9, 0x20, 0xf2, 0x9f, 0x46,
+ 0x35, 0x30, 0xa8, 0xf1, 0xfe, 0xef, 0xd8, 0x76,
+ 0x23, 0x46, 0x34, 0x70, 0xa1, 0xce, 0xc6, 0x65,
+ 0x6d, 0xb0, 0x94, 0x7e, 0xe5, 0x92, 0x45, 0x7b,
+ 0xaa, 0xbb, 0x95, 0x97, 0x77, 0xcd, 0xd3, 0x02,
+ 0x03, 0x01, 0x00, 0x01,
+};
+
+static const uint8_t rsa2048_private_key[] = {
+ 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02,
+ 0x82, 0x01, 0x01, 0x00, 0xbd, 0x9c, 0x83, 0x6b,
+ 0x0e, 0x8e, 0xcf, 0xfa, 0xaa, 0x4f, 0x6a, 0xf4,
+ 0xe3, 0x52, 0x0f, 0xa5, 0xd0, 0xbe, 0x5e, 0x7f,
+ 0x08, 0x24, 0xba, 0x87, 0x46, 0xfb, 0x28, 0x93,
+ 0xe5, 0xe5, 0x81, 0x42, 0xc0, 0xf9, 0x17, 0xc7,
+ 0x81, 0x01, 0xf4, 0x18, 0x6a, 0x17, 0xf5, 0x57,
+ 0x20, 0x37, 0xcf, 0xf9, 0x74, 0x5e, 0xe1, 0x48,
+ 0x6a, 0x71, 0x0a, 0x0f, 0x79, 0x72, 0x2b, 0x46,
+ 0x10, 0x53, 0xdc, 0x14, 0x43, 0xbd, 0xbc, 0x6d,
+ 0x15, 0x6f, 0x15, 0x4e, 0xf0, 0x0d, 0x89, 0x39,
+ 0x02, 0xc3, 0x68, 0x5c, 0xa8, 0xfc, 0xed, 0x64,
+ 0x9d, 0x98, 0xb7, 0xcd, 0x83, 0x66, 0x93, 0xc3,
+ 0xd9, 0x57, 0xa0, 0x21, 0x93, 0xad, 0x5c, 0x75,
+ 0x69, 0x88, 0x9e, 0x81, 0xdc, 0x7f, 0x1d, 0xd5,
+ 0xbd, 0x1c, 0xc1, 0x30, 0x56, 0xa5, 0xda, 0x99,
+ 0x46, 0xa6, 0x6d, 0x0e, 0x6f, 0x5e, 0x51, 0x34,
+ 0x49, 0x73, 0xc3, 0x67, 0x49, 0x7e, 0x21, 0x2a,
+ 0x20, 0xa7, 0x2b, 0x92, 0x73, 0x1d, 0xa5, 0x25,
+ 0x2a, 0xd0, 0x3a, 0x89, 0x75, 0xb2, 0xbb, 0x19,
+ 0x37, 0x78, 0x48, 0xd2, 0xf2, 0x2a, 0x6d, 0x9e,
+ 0xc6, 0x26, 0xca, 0x46, 0x8c, 0xf1, 0x42, 0x2a,
+ 0x31, 0xb2, 0xfc, 0xe7, 0x55, 0x51, 0xff, 0x07,
+ 0x13, 0x5b, 0x36, 0x59, 0x2b, 0x43, 0x30, 0x4b,
+ 0x05, 0x5c, 0xd2, 0x45, 0xa0, 0xa0, 0x7c, 0x17,
+ 0x5b, 0x07, 0xbb, 0x5d, 0x83, 0x80, 0x92, 0x6d,
+ 0x87, 0x1a, 0x43, 0xac, 0xc7, 0x6b, 0x8d, 0x11,
+ 0x60, 0x27, 0xd2, 0xdf, 0xdb, 0x71, 0x02, 0x55,
+ 0x6e, 0xb5, 0xca, 0x4d, 0xda, 0x59, 0x0d, 0xb8,
+ 0x8c, 0xcd, 0xd3, 0x0e, 0x55, 0xa0, 0xa4, 0x8d,
+ 0xa0, 0x14, 0x10, 0x48, 0x42, 0x35, 0x56, 0x08,
+ 0xf7, 0x29, 0x5f, 0xa2, 0xea, 0xa4, 0x5e, 0x8e,
+ 0x99, 0x56, 0xaa, 0x5a, 0x8c, 0x23, 0x8f, 0x35,
+ 0x22, 0x8a, 0xff, 0xed, 0x02, 0x03, 0x01, 0x00,
+ 0x01, 0x02, 0x82, 0x01, 0x00, 0x4e, 0x4a, 0xf3,
+ 0x44, 0xe0, 0x64, 0xfd, 0xe1, 0xde, 0x33, 0x1e,
+ 0xd1, 0xf1, 0x8f, 0x6f, 0xe0, 0xa2, 0xfa, 0x08,
+ 0x60, 0xe1, 0xc6, 0xf0, 0xb2, 0x6d, 0x0f, 0xc6,
+ 0x28, 0x93, 0xb4, 0x19, 0x94, 0xab, 0xc3, 0xef,
+ 0x1a, 0xb4, 0xdd, 0x4e, 0xa2, 0x4a, 0x24, 0x8c,
+ 0x6c, 0xa6, 0x64, 0x05, 0x5f, 0x56, 0xba, 0xda,
+ 0xc1, 0x21, 0x1a, 0x7d, 0xf1, 0xf7, 0xce, 0xb9,
+ 0xa9, 0x9b, 0x92, 0x54, 0xfc, 0x95, 0x20, 0x22,
+ 0x4e, 0xd4, 0x9b, 0xe2, 0xab, 0x8e, 0x99, 0xb8,
+ 0x40, 0xaf, 0x30, 0x6a, 0xc6, 0x60, 0x0c, 0xd8,
+ 0x25, 0x44, 0xa1, 0xcb, 0xbb, 0x73, 0x77, 0x86,
+ 0xaa, 0x46, 0xf3, 0x54, 0xae, 0xa8, 0xa0, 0xdb,
+ 0xdd, 0xab, 0x6e, 0xfb, 0x2c, 0x5a, 0x14, 0xaf,
+ 0x08, 0x13, 0xa7, 0x6c, 0xe9, 0xfd, 0xcd, 0x4c,
+ 0x1f, 0x20, 0x3a, 0x16, 0x2b, 0xf0, 0xb6, 0x7c,
+ 0x47, 0x5f, 0xd1, 0x0a, 0x2c, 0xc4, 0xa5, 0x68,
+ 0xd0, 0x43, 0x75, 0x6b, 0x65, 0xaa, 0x32, 0xc6,
+ 0x99, 0x06, 0xcb, 0x8f, 0xe6, 0x8d, 0xce, 0xbf,
+ 0x4d, 0x0d, 0x7b, 0x22, 0x2a, 0x8a, 0xcb, 0x7d,
+ 0x7f, 0x16, 0x48, 0x85, 0xf1, 0x86, 0xcb, 0x54,
+ 0xb9, 0x39, 0xd4, 0xbc, 0xe3, 0x2d, 0x27, 0x59,
+ 0xf6, 0x81, 0x5e, 0x94, 0x45, 0xdf, 0xb9, 0x22,
+ 0xaf, 0x64, 0x0d, 0x14, 0xec, 0x8c, 0xeb, 0x71,
+ 0xac, 0xee, 0x09, 0x4c, 0xbf, 0x34, 0xf9, 0xf4,
+ 0x66, 0x77, 0x36, 0x3b, 0x41, 0x74, 0x01, 0x4f,
+ 0xfc, 0x56, 0x83, 0xba, 0x14, 0xb0, 0x2f, 0xdd,
+ 0x4d, 0xb9, 0x3f, 0xdf, 0x71, 0xbe, 0x7b, 0xba,
+ 0x66, 0xc8, 0xc5, 0x42, 0xc9, 0xba, 0x18, 0x63,
+ 0x45, 0x07, 0x2f, 0x84, 0x3e, 0xc3, 0xfb, 0x47,
+ 0xda, 0xd4, 0x1d, 0x0e, 0x9d, 0x96, 0xc0, 0xea,
+ 0xee, 0x45, 0x2f, 0xe1, 0x62, 0x23, 0xee, 0xef,
+ 0x3d, 0x5e, 0x55, 0xa1, 0x0d, 0x02, 0x81, 0x81,
+ 0x00, 0xeb, 0x76, 0x88, 0xd3, 0xae, 0x3f, 0x1d,
+ 0xf2, 0x49, 0xe0, 0x37, 0x49, 0x83, 0x82, 0x6c,
+ 0xf7, 0xf1, 0x17, 0x30, 0x75, 0x2e, 0x89, 0x06,
+ 0x88, 0x56, 0x32, 0xf6, 0xfa, 0x58, 0xcb, 0x3c,
+ 0x98, 0x67, 0xc3, 0xde, 0x10, 0x82, 0xe5, 0xfa,
+ 0xfa, 0x52, 0x47, 0x8d, 0xd7, 0x00, 0xc6, 0xcb,
+ 0xf7, 0xf6, 0x57, 0x9b, 0x6e, 0x0c, 0xac, 0xe8,
+ 0x3b, 0xd1, 0xde, 0xb5, 0x34, 0xaf, 0x8b, 0x2a,
+ 0xb0, 0x2d, 0x01, 0xeb, 0x7c, 0xa0, 0x42, 0x26,
+ 0xbb, 0x2b, 0x43, 0x0e, 0x1d, 0xe2, 0x4e, 0xc9,
+ 0xc1, 0x0a, 0x67, 0x1d, 0xfc, 0x83, 0x25, 0xce,
+ 0xb2, 0x18, 0xd9, 0x0d, 0x70, 0xf5, 0xa3, 0x5a,
+ 0x9c, 0x99, 0xdd, 0x47, 0xa1, 0x57, 0xe7, 0x20,
+ 0xde, 0xa1, 0x29, 0x8d, 0x96, 0x62, 0xf9, 0x26,
+ 0x95, 0x51, 0xa6, 0xe7, 0x09, 0x8b, 0xba, 0x16,
+ 0x8b, 0x19, 0x5b, 0xf9, 0x27, 0x0d, 0xc5, 0xd6,
+ 0x5f, 0x02, 0x81, 0x81, 0x00, 0xce, 0x26, 0x31,
+ 0xb5, 0x43, 0x53, 0x95, 0x39, 0xdd, 0x01, 0x98,
+ 0x8b, 0x3d, 0x27, 0xeb, 0x0b, 0x87, 0x1c, 0x95,
+ 0xfc, 0x3e, 0x36, 0x51, 0x31, 0xb5, 0xea, 0x59,
+ 0x56, 0xc0, 0x97, 0x62, 0xf0, 0x63, 0x2b, 0xb6,
+ 0x30, 0x9b, 0xdf, 0x19, 0x10, 0xe9, 0xa0, 0x3d,
+ 0xea, 0x54, 0x5a, 0xe6, 0xc6, 0x9e, 0x7e, 0xb5,
+ 0xf0, 0xb0, 0x54, 0xef, 0xc3, 0xe1, 0x47, 0xa6,
+ 0x95, 0xc7, 0xe4, 0xa3, 0x4a, 0x30, 0x68, 0x24,
+ 0x98, 0x7d, 0xc1, 0x34, 0xa9, 0xcb, 0xbc, 0x3c,
+ 0x08, 0x9c, 0x7d, 0x0c, 0xa2, 0xb7, 0x60, 0xaa,
+ 0x38, 0x08, 0x16, 0xa6, 0x7f, 0xdb, 0xd2, 0xb1,
+ 0x67, 0xe7, 0x93, 0x8e, 0xbb, 0x7e, 0xb9, 0xb5,
+ 0xd0, 0xd0, 0x9f, 0x7b, 0xcc, 0x46, 0xe6, 0x74,
+ 0x78, 0x1a, 0x96, 0xd6, 0xd7, 0x74, 0x34, 0x54,
+ 0x3b, 0x54, 0x55, 0x7f, 0x89, 0x81, 0xbc, 0x40,
+ 0x55, 0x87, 0x24, 0x95, 0x33, 0x02, 0x81, 0x81,
+ 0x00, 0xb0, 0x18, 0x5d, 0x2a, 0x1a, 0x95, 0x9f,
+ 0x9a, 0xd5, 0x3f, 0x37, 0x79, 0xe6, 0x3d, 0x83,
+ 0xab, 0x46, 0x86, 0x36, 0x3a, 0x5d, 0x0c, 0x23,
+ 0x73, 0x91, 0x2b, 0xda, 0x63, 0xce, 0x46, 0x68,
+ 0xd1, 0xfe, 0x40, 0x90, 0xf2, 0x3e, 0x43, 0x2b,
+ 0x19, 0x4c, 0xb1, 0xb0, 0xd5, 0x8c, 0x02, 0x21,
+ 0x07, 0x18, 0x17, 0xda, 0xe9, 0x49, 0xd7, 0x82,
+ 0x73, 0x42, 0x78, 0xd1, 0x82, 0x4e, 0x8a, 0xc0,
+ 0xe9, 0x33, 0x2f, 0xcd, 0x62, 0xce, 0x23, 0xca,
+ 0xfd, 0x8d, 0xd4, 0x3f, 0x59, 0x80, 0x27, 0xb6,
+ 0x61, 0x85, 0x9b, 0x2a, 0xe4, 0xef, 0x5c, 0x36,
+ 0x22, 0x21, 0xcd, 0x2a, 0x6d, 0x41, 0x77, 0xe2,
+ 0xcb, 0x5d, 0x93, 0x0d, 0x00, 0x10, 0x52, 0x8d,
+ 0xd5, 0x92, 0x28, 0x16, 0x78, 0xd3, 0x1a, 0x4c,
+ 0x8d, 0xbd, 0x9c, 0x1a, 0x0b, 0x9c, 0x91, 0x16,
+ 0x4c, 0xff, 0x31, 0x36, 0xbb, 0xcb, 0x64, 0x1a,
+ 0xf7, 0x02, 0x81, 0x80, 0x32, 0x65, 0x09, 0xdf,
+ 0xca, 0xee, 0xa2, 0xdb, 0x3b, 0x58, 0xc9, 0x86,
+ 0xb8, 0x53, 0x8a, 0xd5, 0x0d, 0x99, 0x82, 0x5c,
+ 0xe0, 0x84, 0x7c, 0xc2, 0xcf, 0x3a, 0xd3, 0xce,
+ 0x2e, 0x54, 0x93, 0xbe, 0x3a, 0x30, 0x14, 0x60,
+ 0xbb, 0xaa, 0x05, 0x41, 0xaa, 0x2b, 0x1f, 0x17,
+ 0xaa, 0xb9, 0x72, 0x12, 0xf9, 0xe9, 0xf5, 0xe6,
+ 0x39, 0xe4, 0xf9, 0x9c, 0x03, 0xf5, 0x75, 0x16,
+ 0xc6, 0x7f, 0xf1, 0x1f, 0x10, 0xc8, 0x54, 0xb1,
+ 0xe6, 0x84, 0x15, 0xb0, 0xb0, 0x7a, 0x7a, 0x9e,
+ 0x8c, 0x4a, 0xd1, 0x8c, 0xf1, 0x91, 0x32, 0xeb,
+ 0x71, 0xa6, 0xbf, 0xdb, 0x1f, 0xcc, 0xd8, 0xcb,
+ 0x92, 0xc3, 0xf2, 0xaf, 0x89, 0x22, 0x32, 0xfd,
+ 0x32, 0x12, 0xda, 0xbb, 0xac, 0x55, 0x68, 0x01,
+ 0x78, 0x56, 0x89, 0x7c, 0xb0, 0x0e, 0x9e, 0xcc,
+ 0xc6, 0x28, 0x04, 0x7e, 0x83, 0xf5, 0x96, 0x30,
+ 0x92, 0x51, 0xf2, 0x1b, 0x02, 0x81, 0x81, 0x00,
+ 0x83, 0x6d, 0xd1, 0x98, 0x90, 0x41, 0x8c, 0xa7,
+ 0x92, 0x83, 0xac, 0x89, 0x05, 0x0c, 0x79, 0x67,
+ 0x90, 0xb6, 0xa1, 0xf3, 0x2f, 0xca, 0xf0, 0x15,
+ 0xe0, 0x30, 0x58, 0xe9, 0x4f, 0xcb, 0x4c, 0x56,
+ 0x56, 0x56, 0x14, 0x3f, 0x1b, 0x79, 0xb6, 0xef,
+ 0x57, 0x4b, 0x28, 0xbd, 0xb0, 0xe6, 0x0c, 0x49,
+ 0x4b, 0xbe, 0xe1, 0x57, 0x28, 0x2a, 0x23, 0x5e,
+ 0xc4, 0xa2, 0x19, 0x4b, 0x00, 0x67, 0x78, 0xd9,
+ 0x26, 0x6e, 0x17, 0x25, 0xce, 0xe4, 0xfd, 0xde,
+ 0x86, 0xa8, 0x5a, 0x67, 0x47, 0x6b, 0x15, 0x09,
+ 0xe1, 0xec, 0x8e, 0x62, 0x98, 0x91, 0x6f, 0xc0,
+ 0x98, 0x0c, 0x70, 0x0e, 0x7d, 0xbe, 0x63, 0xbd,
+ 0x12, 0x5a, 0x98, 0x1c, 0xe3, 0x0c, 0xfb, 0xc7,
+ 0xfb, 0x1b, 0xbd, 0x02, 0x87, 0xcc, 0x0c, 0xbb,
+ 0xc2, 0xd4, 0xb6, 0xc1, 0xa1, 0x23, 0xd3, 0x1e,
+ 0x21, 0x6f, 0x48, 0xba, 0x0e, 0x2e, 0xc7, 0x42
+};
+
+static const uint8_t rsa2048_public_key[] = {
+ 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01,
+ 0x00, 0xbd, 0x9c, 0x83, 0x6b, 0x0e, 0x8e, 0xcf,
+ 0xfa, 0xaa, 0x4f, 0x6a, 0xf4, 0xe3, 0x52, 0x0f,
+ 0xa5, 0xd0, 0xbe, 0x5e, 0x7f, 0x08, 0x24, 0xba,
+ 0x87, 0x46, 0xfb, 0x28, 0x93, 0xe5, 0xe5, 0x81,
+ 0x42, 0xc0, 0xf9, 0x17, 0xc7, 0x81, 0x01, 0xf4,
+ 0x18, 0x6a, 0x17, 0xf5, 0x57, 0x20, 0x37, 0xcf,
+ 0xf9, 0x74, 0x5e, 0xe1, 0x48, 0x6a, 0x71, 0x0a,
+ 0x0f, 0x79, 0x72, 0x2b, 0x46, 0x10, 0x53, 0xdc,
+ 0x14, 0x43, 0xbd, 0xbc, 0x6d, 0x15, 0x6f, 0x15,
+ 0x4e, 0xf0, 0x0d, 0x89, 0x39, 0x02, 0xc3, 0x68,
+ 0x5c, 0xa8, 0xfc, 0xed, 0x64, 0x9d, 0x98, 0xb7,
+ 0xcd, 0x83, 0x66, 0x93, 0xc3, 0xd9, 0x57, 0xa0,
+ 0x21, 0x93, 0xad, 0x5c, 0x75, 0x69, 0x88, 0x9e,
+ 0x81, 0xdc, 0x7f, 0x1d, 0xd5, 0xbd, 0x1c, 0xc1,
+ 0x30, 0x56, 0xa5, 0xda, 0x99, 0x46, 0xa6, 0x6d,
+ 0x0e, 0x6f, 0x5e, 0x51, 0x34, 0x49, 0x73, 0xc3,
+ 0x67, 0x49, 0x7e, 0x21, 0x2a, 0x20, 0xa7, 0x2b,
+ 0x92, 0x73, 0x1d, 0xa5, 0x25, 0x2a, 0xd0, 0x3a,
+ 0x89, 0x75, 0xb2, 0xbb, 0x19, 0x37, 0x78, 0x48,
+ 0xd2, 0xf2, 0x2a, 0x6d, 0x9e, 0xc6, 0x26, 0xca,
+ 0x46, 0x8c, 0xf1, 0x42, 0x2a, 0x31, 0xb2, 0xfc,
+ 0xe7, 0x55, 0x51, 0xff, 0x07, 0x13, 0x5b, 0x36,
+ 0x59, 0x2b, 0x43, 0x30, 0x4b, 0x05, 0x5c, 0xd2,
+ 0x45, 0xa0, 0xa0, 0x7c, 0x17, 0x5b, 0x07, 0xbb,
+ 0x5d, 0x83, 0x80, 0x92, 0x6d, 0x87, 0x1a, 0x43,
+ 0xac, 0xc7, 0x6b, 0x8d, 0x11, 0x60, 0x27, 0xd2,
+ 0xdf, 0xdb, 0x71, 0x02, 0x55, 0x6e, 0xb5, 0xca,
+ 0x4d, 0xda, 0x59, 0x0d, 0xb8, 0x8c, 0xcd, 0xd3,
+ 0x0e, 0x55, 0xa0, 0xa4, 0x8d, 0xa0, 0x14, 0x10,
+ 0x48, 0x42, 0x35, 0x56, 0x08, 0xf7, 0x29, 0x5f,
+ 0xa2, 0xea, 0xa4, 0x5e, 0x8e, 0x99, 0x56, 0xaa,
+ 0x5a, 0x8c, 0x23, 0x8f, 0x35, 0x22, 0x8a, 0xff,
+ 0xed, 0x02, 0x03, 0x01, 0x00, 0x01
+};
+
+static const uint8_t test_sha1_dgst[] = {
+ 0x3c, 0x05, 0x19, 0x34, 0x29, 0x19, 0xc7, 0xe0,
+ 0x87, 0xb6, 0x24, 0xf9, 0x58, 0xac, 0xa4, 0xd4,
+ 0xb2, 0xd9, 0x03, 0x9e,
+};
+
+static const uint8_t exp_signature_rsa2048_pkcs1[] = {
+ 0x4e, 0x82, 0x56, 0x4c, 0x84, 0x66, 0xca, 0x1e,
+ 0xc6, 0x92, 0x46, 0x20, 0x02, 0x6b, 0x64, 0x46,
+ 0x15, 0x6b, 0x24, 0xf2, 0xbb, 0xfa, 0x44, 0x3c,
+ 0xaf, 0x42, 0xc8, 0x41, 0xfd, 0xce, 0xed, 0x95,
+ 0x34, 0xaf, 0x25, 0x09, 0xd1, 0x06, 0x94, 0xaa,
+ 0x52, 0xd4, 0x29, 0xc8, 0x52, 0x34, 0x67, 0x59,
+ 0x4f, 0x5a, 0xfd, 0x23, 0x30, 0x5e, 0xc7, 0x1e,
+ 0xa6, 0xe0, 0x1b, 0x23, 0xca, 0x82, 0x47, 0x9a,
+ 0x2e, 0x2c, 0x66, 0x45, 0x5a, 0x12, 0xa9, 0x15,
+ 0xbf, 0xd6, 0xd6, 0xfa, 0x8d, 0x60, 0x99, 0x89,
+ 0x91, 0x39, 0x06, 0xb7, 0xd3, 0x9a, 0xef, 0x15,
+ 0x7b, 0x95, 0x87, 0x77, 0x2c, 0x41, 0xd4, 0x71,
+ 0xd5, 0xdf, 0x22, 0x7b, 0x01, 0xe2, 0xc1, 0xfb,
+ 0xb9, 0x4e, 0x0c, 0x9b, 0xd5, 0x04, 0xed, 0x2b,
+ 0x7e, 0x73, 0x53, 0xaa, 0x33, 0x89, 0x9d, 0x95,
+ 0x28, 0x8f, 0x8b, 0x80, 0x34, 0x7a, 0xea, 0xe3,
+ 0x66, 0x8a, 0xa8, 0xad, 0xed, 0x91, 0x43, 0xdd,
+ 0x77, 0xe5, 0xd7, 0x16, 0xda, 0xa8, 0x00, 0x29,
+ 0x3f, 0x9f, 0xe0, 0x1d, 0x42, 0x9d, 0x35, 0x5d,
+ 0x0f, 0xf3, 0x90, 0x27, 0x3a, 0x8c, 0x46, 0x13,
+ 0x53, 0x3e, 0x3b, 0x38, 0x77, 0xf8, 0x57, 0x61,
+ 0xbc, 0xc4, 0x54, 0x68, 0x48, 0xae, 0x58, 0x03,
+ 0x33, 0x94, 0x3f, 0x18, 0x1e, 0xb3, 0x3f, 0x79,
+ 0xa7, 0x26, 0x92, 0x5d, 0x32, 0x2a, 0xdb, 0xe6,
+ 0x3a, 0xe8, 0xd7, 0xaa, 0x91, 0xfe, 0x9f, 0x06,
+ 0x26, 0x68, 0x8c, 0x27, 0x31, 0xb0, 0x04, 0x9e,
+ 0x94, 0x79, 0x63, 0xa1, 0xc7, 0xe8, 0x5b, 0x8c,
+ 0xd3, 0xf1, 0x88, 0x58, 0x31, 0x2f, 0x4e, 0x11,
+ 0x00, 0xfe, 0x29, 0xad, 0x2c, 0xa9, 0x8e, 0x63,
+ 0xd8, 0x7d, 0xc5, 0xa1, 0x71, 0xfa, 0x08, 0x29,
+ 0xea, 0xd6, 0x6c, 0x53, 0x00, 0x52, 0xa0, 0xed,
+ 0x6b, 0x7c, 0x67, 0x50, 0x71, 0x2d, 0x96, 0x7a,
+};
+
+static const uint8_t exp_signature_rsa1024_pkcs1[] = {
+ 0x6b, 0x5b, 0xbb, 0x3b, 0x1f, 0x08, 0xd8, 0xc0,
+ 0x4a, 0xf1, 0x5a, 0x12, 0xc2, 0x39, 0x14, 0x65,
+ 0x4f, 0xda, 0x79, 0x67, 0xf2, 0x89, 0x25, 0xad,
+ 0x9e, 0x7e, 0xba, 0xa8, 0x34, 0x15, 0x03, 0xdd,
+ 0x80, 0x6b, 0x01, 0xd7, 0x4a, 0xf3, 0xd6, 0xef,
+ 0x1e, 0x48, 0xf3, 0xbc, 0x75, 0x1a, 0xc4, 0x2c,
+ 0x90, 0x15, 0x9f, 0x21, 0x24, 0x98, 0x21, 0xef,
+ 0x6d, 0x3b, 0xf3, 0x82, 0x8f, 0x8d, 0xd8, 0x48,
+ 0x37, 0x16, 0x19, 0x8e, 0x3c, 0x64, 0xa0, 0x9e,
+ 0xf7, 0x0c, 0xd9, 0x5c, 0xc6, 0x13, 0xc4, 0x5f,
+ 0xf8, 0xf3, 0x59, 0x5b, 0xd0, 0x33, 0x95, 0x98,
+ 0xde, 0x67, 0x25, 0x58, 0x46, 0xba, 0xee, 0x0f,
+ 0x47, 0x7a, 0x7f, 0xd0, 0xe4, 0x77, 0x09, 0x17,
+ 0xe9, 0x81, 0x6e, 0x2d, 0x33, 0x9b, 0x13, 0x0b,
+ 0xc9, 0xb2, 0x0c, 0x2c, 0xb5, 0xdf, 0x52, 0x8f,
+ 0xab, 0x0d, 0xc6, 0x59, 0x1d, 0xc7, 0x33, 0x7b,
+};
+
+static const uint8_t test_plaintext[] = {
+ 0x00, 0x44, 0xbc, 0x6f, 0x77, 0xfb, 0xe2, 0xa4,
+ 0x98, 0x9e, 0xf5, 0x33, 0xa0, 0xbd, 0x81, 0xb9,
+ 0xf1, 0x44, 0x7f, 0x79, 0x89, 0x23, 0xe5, 0x46,
+ 0x66, 0x9f, 0x98, 0x95, 0x6f, 0x56, 0x78, 0xf6,
+ 0xf5, 0xac, 0x9c, 0xda, 0xc2, 0x79, 0x59, 0xf0,
+ 0x1b, 0x03, 0xfa, 0x46, 0x1c, 0x1f, 0x18, 0x07,
+ 0xce, 0xad, 0xed, 0x3d, 0x11, 0xf9, 0x1b, 0x26,
+ 0x4a, 0x97, 0x28, 0x71, 0x5f, 0x2c, 0x5e, 0x58,
+ 0xf0, 0xd6, 0xbf, 0xa4, 0x12, 0xd0, 0x1d, 0x07,
+ 0xcb, 0x73, 0x66, 0xb6, 0xa4, 0x09, 0xaf, 0x5d,
+ 0xe9, 0x14, 0x14, 0xaf, 0x69, 0xd6, 0xee, 0x0a,
+ 0xfc, 0xca, 0xac, 0x94, 0x47, 0xd5, 0x9d, 0x5b,
+ 0x2b, 0xfb, 0xce, 0x9d, 0x04, 0xc1, 0xaf, 0xa5,
+ 0xa1, 0x8d, 0xa9, 0x48, 0xa8, 0x65, 0xe6, 0x9f,
+ 0x74, 0x78, 0x16, 0x32, 0x93, 0xb5, 0x21, 0xb9,
+ 0x9f, 0x3f, 0xc1, 0xe5, 0xa2, 0x50, 0x8b, 0x12,
+ 0xfb, 0x3e, 0xb0, 0x8a, 0x00, 0xc7, 0x20, 0x56,
+ 0xb3, 0xb1, 0x29, 0x95, 0x89, 0xd6, 0x50, 0xf5,
+ 0x37, 0x38, 0x8e, 0x12, 0xf1, 0xba, 0x82, 0x37,
+ 0x34, 0x68, 0x4b, 0xe8, 0xe3, 0x11, 0x1c, 0x46,
+ 0xf9, 0x63, 0x3a, 0xd6, 0xf3, 0x3f, 0x55, 0xa6,
+ 0xbd, 0x89, 0xf1, 0x2d, 0x38, 0x91, 0x7c, 0xc2,
+ 0x4d, 0xf1, 0x69, 0x82, 0x6d, 0x71, 0x77, 0xf4,
+ 0xfc, 0x43, 0x20, 0x6f, 0x43, 0xb9, 0x43, 0xd1,
+ 0x65, 0xbd, 0xca, 0xb1, 0x43, 0x87, 0xf8, 0xc8,
+ 0x76, 0x21, 0xa9, 0xeb, 0x3e, 0x9a, 0xef, 0xc9,
+ 0x0e, 0x79, 0xbc, 0xf0, 0xf8, 0xc8, 0xe2, 0xbc,
+ 0x33, 0x35, 0x3e, 0xfc, 0xf9, 0x44, 0x69, 0x06,
+ 0x7c, 0x7f, 0x5d, 0xa2, 0x9e, 0xab, 0xc2, 0x82,
+ 0xa0, 0xfb, 0xc5, 0x79, 0x57, 0x8c, 0xf1, 0x1c,
+ 0x51, 0x64, 0x4c, 0x56, 0x08, 0x80, 0x32, 0xf4,
+ 0x97, 0x8f, 0x6f, 0xb2, 0x16, 0xa6, 0x9d, 0x71,
+};
+
+static const uint8_t exp_ciphertext_rsa1024_raw[] = {
+ 0x01, 0xa0, 0xc2, 0x94, 0x9f, 0xd6, 0xbe, 0x8d,
+ 0xe9, 0x24, 0xaa, 0x9c, 0x67, 0xd7, 0xe3, 0x04,
+ 0x34, 0xbf, 0xd3, 0x27, 0xa1, 0x43, 0xeb, 0x60,
+ 0x6b, 0x5b, 0x64, 0x15, 0x55, 0x16, 0x98, 0x35,
+ 0xc2, 0x59, 0xa7, 0xf7, 0x24, 0xf7, 0x05, 0xb9,
+ 0xe8, 0x56, 0x6f, 0xf2, 0x7d, 0x8b, 0x3c, 0xcb,
+ 0xa6, 0xc2, 0xac, 0x0c, 0x37, 0x8c, 0x70, 0x70,
+ 0x55, 0x05, 0x07, 0x0d, 0x63, 0x6b, 0x7d, 0x5f,
+ 0xae, 0x03, 0x1e, 0x55, 0x05, 0xbb, 0xa8, 0xe7,
+ 0xff, 0xa0, 0x8c, 0x5b, 0x6b, 0x01, 0x48, 0x2e,
+ 0x4f, 0x7f, 0xe2, 0x74, 0xc6, 0x32, 0xa7, 0x2d,
+ 0xdb, 0x91, 0x9b, 0x67, 0x4d, 0x71, 0xf9, 0x8c,
+ 0x42, 0x43, 0x75, 0x4e, 0xd0, 0x0e, 0x7c, 0xa0,
+ 0x97, 0x1a, 0x5f, 0x8e, 0x6f, 0xe4, 0xfa, 0x16,
+ 0x1d, 0x59, 0x0e, 0x0b, 0x11, 0x12, 0xa3, 0x0c,
+ 0xa6, 0x55, 0xe6, 0xdb, 0xa7, 0x71, 0xa6, 0xff,
+};
+
+static const uint8_t exp_ciphertext_rsa1024_pkcs1[] = {
+ 0x93, 0x78, 0x6a, 0x76, 0xb8, 0x94, 0xea, 0xe4,
+ 0x32, 0x79, 0x01, 0x8b, 0xc1, 0xcb, 0x2e, 0x2d,
+ 0xfe, 0xdc, 0x9b, 0xe3, 0xe9, 0x23, 0xe4, 0x0a,
+ 0xb0, 0x6b, 0x9f, 0x6b, 0x62, 0xf5, 0x3d, 0xf0,
+ 0x78, 0x84, 0x77, 0x21, 0xad, 0x0b, 0x30, 0x30,
+ 0x94, 0xe2, 0x18, 0xc4, 0x9b, 0x12, 0x06, 0xc8,
+ 0xaa, 0xf7, 0x30, 0xe4, 0xc8, 0x64, 0xe7, 0x51,
+ 0xf1, 0x6a, 0xe1, 0xa2, 0x58, 0x7a, 0x02, 0x9c,
+ 0x8e, 0xf0, 0x2d, 0x25, 0x6b, 0xb7, 0x25, 0x5e,
+ 0x05, 0xaf, 0x38, 0xb2, 0x69, 0x5e, 0x6c, 0x75,
+ 0x6e, 0x27, 0xba, 0x5d, 0x7d, 0x35, 0x72, 0xb7,
+ 0x25, 0xd4, 0xaa, 0xb2, 0x4b, 0x9e, 0x6b, 0x82,
+ 0xb2, 0x32, 0xe2, 0x13, 0x1d, 0x00, 0x21, 0x08,
+ 0xae, 0x14, 0xbb, 0xc0, 0x40, 0xb7, 0x0d, 0xd5,
+ 0x0e, 0x4d, 0x6d, 0x9a, 0x70, 0x86, 0xe9, 0xfc,
+ 0x67, 0x2b, 0xa4, 0x11, 0x45, 0xb6, 0xc4, 0x2f,
+};
+
+static const uint8_t exp_ciphertext_rsa2048_raw[] = {
+ 0x09, 0x7b, 0x9e, 0x7c, 0x10, 0x1f, 0x73, 0xb4,
+ 0x5f, 0xdb, 0x4f, 0x05, 0xe7, 0xfc, 0x9e, 0x35,
+ 0x48, 0xd8, 0xc8, 0xf5, 0xac, 0x6d, 0xb4, 0xb0,
+ 0xd4, 0xf7, 0x69, 0x0f, 0x30, 0x78, 0xbb, 0x55,
+ 0x67, 0x66, 0x66, 0x05, 0xf4, 0x77, 0xe2, 0x30,
+ 0xa5, 0x94, 0x10, 0xa3, 0xcb, 0xee, 0x13, 0x9f,
+ 0x47, 0x1b, 0x2e, 0xf9, 0xfd, 0x94, 0x09, 0xbd,
+ 0x26, 0x6e, 0x84, 0xc7, 0x5c, 0x42, 0x20, 0x76,
+ 0x72, 0x83, 0x75, 0x68, 0xa4, 0x18, 0x2d, 0x76,
+ 0x62, 0xc3, 0xab, 0xc0, 0xc9, 0x36, 0x59, 0xe0,
+ 0xa9, 0x70, 0x1f, 0xff, 0x97, 0x07, 0x0d, 0x88,
+ 0xc2, 0xd8, 0x51, 0x35, 0xf7, 0xb0, 0x50, 0xe4,
+ 0x9f, 0x3d, 0xd4, 0x71, 0x8b, 0x40, 0x89, 0x71,
+ 0x6c, 0xd8, 0xc2, 0x63, 0xb6, 0x3a, 0xce, 0xb1,
+ 0x32, 0xf1, 0xc6, 0x11, 0x31, 0x25, 0x48, 0xcf,
+ 0xeb, 0xbc, 0xd3, 0x9b, 0xc5, 0xbd, 0xd2, 0x57,
+ 0x73, 0x9b, 0x20, 0xb8, 0xdf, 0xbe, 0xb8, 0x40,
+ 0xb6, 0xac, 0x24, 0xdb, 0x94, 0x6a, 0x93, 0x43,
+ 0x4a, 0xa8, 0xa3, 0xcf, 0xd5, 0x61, 0x1b, 0x46,
+ 0x1d, 0x6f, 0x57, 0xec, 0xa6, 0xd0, 0x44, 0x05,
+ 0x48, 0xb8, 0x90, 0x80, 0x23, 0x8e, 0x5f, 0xb0,
+ 0x4b, 0x6f, 0xe3, 0xf9, 0xb0, 0x04, 0x60, 0xae,
+ 0x80, 0xcf, 0xa5, 0x5c, 0x11, 0xe4, 0xce, 0x57,
+ 0x5b, 0xbb, 0xde, 0x92, 0xfc, 0xe7, 0x3f, 0xe0,
+ 0xfc, 0x06, 0xc8, 0xf3, 0x8c, 0xac, 0x86, 0x09,
+ 0x31, 0xe5, 0x7e, 0xfb, 0x5d, 0xa7, 0x57, 0xf8,
+ 0x1d, 0x23, 0x9d, 0xa3, 0xeb, 0x53, 0x28, 0xde,
+ 0xbf, 0x53, 0xef, 0x35, 0x3c, 0x7e, 0x3c, 0x1b,
+ 0x76, 0x9d, 0x09, 0x25, 0x43, 0xd4, 0x8b, 0xca,
+ 0xda, 0x45, 0x5b, 0xdc, 0x9f, 0x57, 0x5a, 0x30,
+ 0x2e, 0xe9, 0x73, 0x68, 0x28, 0xfa, 0x40, 0xb0,
+ 0x7c, 0x31, 0xd7, 0x8b, 0x4e, 0x99, 0x94, 0xf1,
+};
+
+static const uint8_t exp_ciphertext_rsa2048_pkcs1[] = {
+ 0xa5, 0x19, 0x19, 0x34, 0xad, 0xf6, 0xd2, 0xbe,
+ 0xed, 0x8f, 0xe5, 0xfe, 0xa2, 0xa5, 0x20, 0x08,
+ 0x15, 0x53, 0x7c, 0x68, 0x28, 0xae, 0x07, 0xb2,
+ 0x4c, 0x5d, 0xee, 0xc1, 0xc6, 0xdc, 0xd6, 0x8b,
+ 0xc6, 0xba, 0x46, 0xe1, 0x16, 0xa9, 0x04, 0x72,
+ 0xdf, 0x8f, 0x1e, 0x97, 0x2a, 0x55, 0xe7, 0xac,
+ 0x08, 0x0d, 0x61, 0xe8, 0x64, 0x8b, 0x6f, 0x96,
+ 0x0e, 0xbb, 0x8a, 0x30, 0xb3, 0x73, 0x28, 0x61,
+ 0x16, 0x89, 0x90, 0x88, 0x8e, 0xda, 0x22, 0xe6,
+ 0x42, 0x16, 0xc7, 0xe8, 0x30, 0x0d, 0x7f, 0x44,
+ 0x1e, 0xef, 0xe6, 0xdb, 0x78, 0x54, 0x89, 0xa5,
+ 0x60, 0x67, 0xb3, 0x35, 0x2d, 0x79, 0x49, 0xcf,
+ 0xe6, 0x8f, 0xf3, 0x64, 0x52, 0x1c, 0x6c, 0x43,
+ 0x7e, 0xb0, 0xde, 0x55, 0xdf, 0xbe, 0xb7, 0xb1,
+ 0xdb, 0x02, 0xee, 0x76, 0x96, 0xcc, 0x0b, 0x97,
+ 0x8c, 0x23, 0xaa, 0x7d, 0x4c, 0x47, 0x28, 0x41,
+ 0x7a, 0x20, 0x39, 0x1f, 0x64, 0x0b, 0xf1, 0x74,
+ 0xf1, 0x29, 0xda, 0xe9, 0x3a, 0x36, 0xa6, 0x88,
+ 0xb8, 0xc0, 0x21, 0xb8, 0x9b, 0x5d, 0x90, 0x85,
+ 0xa3, 0x30, 0x61, 0x17, 0x8c, 0x74, 0x63, 0xd5,
+ 0x0f, 0x95, 0xdc, 0xc8, 0x4f, 0xa7, 0x24, 0x55,
+ 0x40, 0xe2, 0x84, 0x57, 0x65, 0x06, 0x11, 0x30,
+ 0x2b, 0x9e, 0x32, 0x95, 0x39, 0xf2, 0x1a, 0x3f,
+ 0xab, 0xcd, 0x7b, 0x7f, 0x9c, 0xf0, 0x00, 0x50,
+ 0x7c, 0xf4, 0xbe, 0xcb, 0x80, 0xea, 0x66, 0xba,
+ 0x0e, 0x7b, 0x46, 0x0b, 0x25, 0xe0, 0xc1, 0x03,
+ 0x29, 0x11, 0x2d, 0x69, 0x4f, 0x21, 0xa2, 0x58,
+ 0x37, 0x4b, 0x84, 0x15, 0xb3, 0x65, 0x3a, 0xac,
+ 0xd4, 0xd0, 0xf6, 0xdf, 0x4b, 0x82, 0xca, 0x9e,
+ 0xbb, 0xbe, 0x3c, 0x4d, 0xd5, 0xbf, 0x00, 0xd6,
+ 0x12, 0x48, 0x72, 0x0b, 0xc7, 0xf8, 0xe1, 0xcd,
+ 0xd0, 0x28, 0x03, 0x19, 0xa6, 0x06, 0x13, 0x45,
+};
+
+typedef struct QCryptoAkCipherTestData QCryptoAkCipherTestData;
+struct QCryptoAkCipherTestData {
+ const char *path;
+ QCryptoAkCipherOptions opt;
+
+ const uint8_t *priv_key;
+ size_t priv_key_len;
+ const uint8_t *pub_key;
+ size_t pub_key_len;
+
+ const uint8_t *plaintext;
+ size_t plen;
+ const uint8_t *ciphertext;
+ size_t clen;
+ const uint8_t *dgst;
+ size_t dlen;
+ const uint8_t *signature;
+ size_t slen;
+};
+
+static QCryptoAkCipherTestData test_data[] = {
+ /* rsa1024 with raw padding */
+ {
+ .path = "/crypto/akcipher/rsa1024-raw",
+ .opt = {
+ .alg = QCRYPTO_AKCIPHER_ALG_RSA,
+ .u.rsa = {
+ .padding_alg = QCRYPTO_RSA_PADDING_ALG_RAW,
+ },
+ },
+ .pub_key = rsa1024_public_key,
+ .pub_key_len = sizeof(rsa1024_public_key),
+ .priv_key = rsa1024_private_key,
+ .priv_key_len = sizeof(rsa1024_private_key),
+
+ .plaintext = test_plaintext,
+ .plen = 128,
+ .ciphertext = exp_ciphertext_rsa1024_raw,
+ .clen = sizeof(exp_ciphertext_rsa1024_raw),
+ },
+
+ /* rsa1024 with pkcs1 padding */
+ {
+ .path = "/crypto/akcipher/rsa1024-pkcs1",
+ .opt = {
+ .alg = QCRYPTO_AKCIPHER_ALG_RSA,
+ .u.rsa = {
+ .padding_alg = QCRYPTO_RSA_PADDING_ALG_PKCS1,
+ .hash_alg = QCRYPTO_HASH_ALG_SHA1,
+ },
+ },
+ .pub_key = rsa1024_public_key,
+ .pub_key_len = sizeof(rsa1024_public_key),
+ .priv_key = rsa1024_private_key,
+ .priv_key_len = sizeof(rsa1024_private_key),
+
+ .plaintext = test_plaintext,
+ .plen = 64,
+ .ciphertext = exp_ciphertext_rsa1024_pkcs1,
+ .clen = sizeof(exp_ciphertext_rsa1024_pkcs1),
+ .dgst = test_sha1_dgst,
+ .dlen = sizeof(test_sha1_dgst),
+ .signature = exp_signature_rsa1024_pkcs1,
+ .slen = sizeof(exp_signature_rsa1024_pkcs1),
+ },
+
+ /* rsa2048 with raw padding */
+ {
+ .path = "/crypto/akcipher/rsa2048-raw",
+ .opt = {
+ .alg = QCRYPTO_AKCIPHER_ALG_RSA,
+ .u.rsa = {
+ .padding_alg = QCRYPTO_RSA_PADDING_ALG_RAW,
+ },
+ },
+ .pub_key = rsa2048_public_key,
+ .pub_key_len = sizeof(rsa2048_public_key),
+ .priv_key = rsa2048_private_key,
+ .priv_key_len = sizeof(rsa2048_private_key),
+
+ .plaintext = test_plaintext,
+ .plen = 256,
+ .ciphertext = exp_ciphertext_rsa2048_raw,
+ .clen = sizeof(exp_ciphertext_rsa2048_raw),
+ },
+
+ /* rsa2048 with pkcs1 padding */
+ {
+ .path = "/crypto/akcipher/rsa2048-pkcs1",
+ .opt = {
+ .alg = QCRYPTO_AKCIPHER_ALG_RSA,
+ .u.rsa = {
+ .padding_alg = QCRYPTO_RSA_PADDING_ALG_PKCS1,
+ .hash_alg = QCRYPTO_HASH_ALG_SHA1,
+ },
+ },
+ .pub_key = rsa2048_public_key,
+ .pub_key_len = sizeof(rsa2048_public_key),
+ .priv_key = rsa2048_private_key,
+ .priv_key_len = sizeof(rsa2048_private_key),
+
+ .plaintext = test_plaintext,
+ .plen = 128,
+ .ciphertext = exp_ciphertext_rsa2048_pkcs1,
+ .clen = sizeof(exp_ciphertext_rsa2048_pkcs1),
+ .dgst = test_sha1_dgst,
+ .dlen = sizeof(test_sha1_dgst),
+ .signature = exp_signature_rsa2048_pkcs1,
+ .slen = sizeof(exp_signature_rsa2048_pkcs1),
+ },
+
+};
+
+static void test_akcipher(const void *opaque)
+{
+ const QCryptoAkCipherTestData *data = opaque;
+ g_autofree uint8_t *plaintext = NULL;
+ g_autofree uint8_t *ciphertext = NULL;
+ g_autofree uint8_t *signature = NULL;
+ QCryptoAkCipher *pub_key, *priv_key;
+
+ if (!qcrypto_akcipher_supports((QCryptoAkCipherOptions *)&data->opt)) {
+ return;
+ }
+ pub_key = qcrypto_akcipher_new(&data->opt,
+ QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC,
+ data->pub_key, data->pub_key_len,
+ &error_abort);
+ g_assert(pub_key != NULL);
+ priv_key = qcrypto_akcipher_new(&data->opt,
+ QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE,
+ data->priv_key, data->priv_key_len,
+ &error_abort);
+ g_assert(priv_key != NULL);
+
+ if (data->plaintext != NULL) {
+
+ ciphertext = g_new0(uint8_t, data->clen);
+ g_assert(qcrypto_akcipher_encrypt(pub_key, data->plaintext, data->plen,
+ ciphertext, data->clen,
+ &error_abort) > 0);
+
+ /**
+ * In the asymmetric encryption algorithms, the ciphertext generated
+ * each time may be different, here only compare the decrypted
+ * plaintext
+ */
+ plaintext = g_new0(uint8_t, data->clen);
+ g_assert(qcrypto_akcipher_decrypt(priv_key, ciphertext,
+ data->clen, plaintext,
+ data->plen,
+ &error_abort) == data->plen);
+ g_assert(!memcmp(plaintext, data->plaintext, data->plen));
+ }
+
+ if (data->signature != NULL) {
+ signature = g_new(uint8_t, data->slen);
+ g_assert(qcrypto_akcipher_sign(priv_key, data->dgst, data->dlen,
+ signature, data->slen,
+ &error_abort) > 0);
+ /**
+ * The signature generated each time may be different, here only check
+ * the verification.
+ */
+ g_assert(qcrypto_akcipher_verify(pub_key, data->signature, data->slen,
+ data->dgst, data->dlen,
+ &error_abort) == 0);
+ g_assert(qcrypto_akcipher_verify(pub_key, signature, data->slen,
+ data->dgst, data->dlen,
+ &error_abort) == 0);
+ ++signature[0];
+ /* Here error should be ignored */
+ g_assert(qcrypto_akcipher_verify(pub_key, signature, data->slen,
+ data->dgst, data->dlen, NULL) != 0);
+ }
+
+ qcrypto_akcipher_free(pub_key);
+ qcrypto_akcipher_free(priv_key);
+}
+
+int main(int argc, char **argv)
+{
+ size_t i;
+ g_test_init(&argc, &argv, NULL);
+ g_assert(qcrypto_init(NULL) == 0);
+
+ for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
+ g_test_add_data_func(test_data[i].path, &test_data[i], test_akcipher);
+ }
+
+ return g_test_run();
+}
--
2.36.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PULL 7/7] tests/crypto: Add test suite for RSA keys
2022-05-26 10:45 [PULL 0/7] crypto asymmetric cipher patches Daniel P. Berrangé
` (5 preceding siblings ...)
2022-05-26 10:45 ` [PULL 6/7] test/crypto: Add test suite for crypto akcipher Daniel P. Berrangé
@ 2022-05-26 10:45 ` Daniel P. Berrangé
2022-05-26 16:18 ` [PULL 0/7] crypto asymmetric cipher patches Richard Henderson
7 siblings, 0 replies; 9+ messages in thread
From: Daniel P. Berrangé @ 2022-05-26 10:45 UTC (permalink / raw)
To: qemu-devel; +Cc: Daniel P. Berrangé, Markus Armbruster, Eric Blake, Lei He
From: Lei He <helei.sig11@bytedance.com>
As Daniel suggested, Add tests suite for rsakey, as a way to prove
that we can handle DER errors correctly.
Signed-off-by: lei he <helei.sig11@bytedance.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
tests/unit/test-crypto-akcipher.c | 285 +++++++++++++++++++++++++++++-
1 file changed, 282 insertions(+), 3 deletions(-)
diff --git a/tests/unit/test-crypto-akcipher.c b/tests/unit/test-crypto-akcipher.c
index b5be563884..4f1f4214dd 100644
--- a/tests/unit/test-crypto-akcipher.c
+++ b/tests/unit/test-crypto-akcipher.c
@@ -517,6 +517,158 @@ static const uint8_t exp_ciphertext_rsa2048_pkcs1[] = {
0xd0, 0x28, 0x03, 0x19, 0xa6, 0x06, 0x13, 0x45,
};
+static const uint8_t rsa_private_key_lack_element[] = {
+ /* RSAPrivateKey, offset: 0, length: 176 */
+ 0x30, 0x81, 0xb0,
+ /* version, offset: 4, length: 1 */
+ 0x02, 0x01, 0x00,
+ /* n, offset: 7, length: 65 */
+ 0x02, 0x41,
+ 0x00, 0xb9, 0xe1, 0x22, 0xdb, 0x56, 0x2f, 0xb6,
+ 0xf7, 0xf0, 0x0a, 0x87, 0x43, 0x07, 0x12, 0xdb,
+ 0x6d, 0xb6, 0x2b, 0x41, 0x8d, 0x2c, 0x3c, 0xa5,
+ 0xdd, 0x78, 0x9a, 0x8f, 0xab, 0x8e, 0xf2, 0x4a,
+ 0xc8, 0x34, 0x0c, 0x12, 0x4f, 0x11, 0x90, 0xc6,
+ 0xc2, 0xa5, 0xd0, 0xcd, 0xfb, 0xfc, 0x2c, 0x95,
+ 0x56, 0x82, 0xdf, 0x39, 0xf3, 0x3b, 0x1d, 0x62,
+ 0x26, 0x97, 0xb7, 0x93, 0x25, 0xc7, 0xec, 0x7e,
+ 0xf7,
+ /* e, offset: 74, length: 3 */
+ 0x02, 0x03, 0x01, 0x00, 0x01,
+ /* d, offset: 79, length: 64 */
+ 0x02, 0x40,
+ 0x1e, 0x80, 0xfe, 0xda, 0x65, 0xdb, 0x70, 0xb8,
+ 0x61, 0x91, 0x28, 0xbf, 0x6c, 0x32, 0xc1, 0x05,
+ 0xd1, 0x26, 0x6a, 0x1c, 0x83, 0xcc, 0xf4, 0x1f,
+ 0x53, 0x42, 0x72, 0x1f, 0x62, 0x57, 0x0a, 0xc4,
+ 0x66, 0x76, 0x30, 0x87, 0xb9, 0xb1, 0xb9, 0x6a,
+ 0x63, 0xfd, 0x8f, 0x3e, 0xfc, 0x35, 0x3f, 0xd6,
+ 0x2e, 0x6c, 0xc8, 0x70, 0x8a, 0x17, 0xc1, 0x28,
+ 0x6a, 0xfe, 0x51, 0x56, 0xb3, 0x92, 0x6f, 0x09,
+ /* p, offset: 145, length: 33 */
+ 0x02, 0x21,
+ 0x00, 0xe3, 0x2e, 0x2d, 0x8d, 0xba, 0x1c, 0x34,
+ 0x4c, 0x49, 0x9f, 0xc1, 0xa6, 0xdd, 0xd7, 0x13,
+ 0x8d, 0x05, 0x48, 0xdd, 0xff, 0x5c, 0x30, 0xbc,
+ 0x6b, 0xc4, 0x18, 0x9d, 0xfc, 0xa2, 0xd0, 0x9b,
+ 0x4d,
+ /* q, offset: 180, length: 33 */
+ 0x02, 0x21,
+ 0x00, 0xd1, 0x75, 0xaf, 0x4b, 0xc6, 0x1a, 0xb0,
+ 0x98, 0x14, 0x42, 0xae, 0x33, 0xf3, 0x44, 0xde,
+ 0x21, 0xcb, 0x04, 0xda, 0xfb, 0x1e, 0x35, 0x92,
+ 0xcd, 0x69, 0xc0, 0x83, 0x06, 0x83, 0x8e, 0x39,
+ 0x53,
+ /* lack element: dp, dq, u */
+};
+
+static const uint8_t rsa_public_key_lack_element[] = {
+ /* RSAPublicKey, offset: 0, length: 67 */
+ 0x30, 0x81, 0x43,
+ /* n, offset: 7, length: 65 */
+ 0x02, 0x41,
+ 0x00, 0xb9, 0xe1, 0x22, 0xdb, 0x56, 0x2f, 0xb6,
+ 0xf7, 0xf0, 0x0a, 0x87, 0x43, 0x07, 0x12, 0xdb,
+ 0x6d, 0xb6, 0x2b, 0x41, 0x8d, 0x2c, 0x3c, 0xa5,
+ 0xdd, 0x78, 0x9a, 0x8f, 0xab, 0x8e, 0xf2, 0x4a,
+ 0xc8, 0x34, 0x0c, 0x12, 0x4f, 0x11, 0x90, 0xc6,
+ 0xc2, 0xa5, 0xd0, 0xcd, 0xfb, 0xfc, 0x2c, 0x95,
+ 0x56, 0x82, 0xdf, 0x39, 0xf3, 0x3b, 0x1d, 0x62,
+ 0x26, 0x97, 0xb7, 0x93, 0x25, 0xc7, 0xec, 0x7e,
+ 0xf7,
+ /* lack element: e */
+};
+
+static const uint8_t rsa_public_key_empty_element[] = {
+ /* RSAPublicKey, offset: 0, length: 69 */
+ 0x30, 0x81, 0x45,
+ /* n, offset: 7, length: 65 */
+ 0x02, 0x41,
+ 0x00, 0xb9, 0xe1, 0x22, 0xdb, 0x56, 0x2f, 0xb6,
+ 0xf7, 0xf0, 0x0a, 0x87, 0x43, 0x07, 0x12, 0xdb,
+ 0x6d, 0xb6, 0x2b, 0x41, 0x8d, 0x2c, 0x3c, 0xa5,
+ 0xdd, 0x78, 0x9a, 0x8f, 0xab, 0x8e, 0xf2, 0x4a,
+ 0xc8, 0x34, 0x0c, 0x12, 0x4f, 0x11, 0x90, 0xc6,
+ 0xc2, 0xa5, 0xd0, 0xcd, 0xfb, 0xfc, 0x2c, 0x95,
+ 0x56, 0x82, 0xdf, 0x39, 0xf3, 0x3b, 0x1d, 0x62,
+ 0x26, 0x97, 0xb7, 0x93, 0x25, 0xc7, 0xec, 0x7e,
+ 0xf7,
+ /* e: empty element */
+ 0x02, 0x00,
+};
+
+static const uint8_t rsa_private_key_empty_element[] = {
+ /* RSAPrivateKey, offset: 0, length: 19 */
+ 0x30, 0x81, 0x13,
+ /* version, offset: 4, length: 1 */
+ 0x02, 0x01, 0x00,
+ /* n: empty element */
+ 0x02, 0x00,
+ /* e: empty element */
+ 0x02, 0x00,
+ /* d: empty element */
+ 0x02, 0x00,
+ /* p: empty element */
+ 0x02, 0x00,
+ /* q: empty element */
+ 0x02, 0x00,
+ /* dp: empty element */
+ 0x02, 0x00,
+ /* dq: empty element */
+ 0x02, 0x00,
+ /* u: empty element */
+ 0x02, 0x00,
+};
+
+static const uint8_t rsa_public_key_invalid_length_val[] = {
+ /* RSAPublicKey, INVALID length: 313 */
+ 0x30, 0x82, 0x01, 0x39,
+ /* n, offset: 7, length: 65 */
+ 0x02, 0x41,
+ 0x00, 0xb9, 0xe1, 0x22, 0xdb, 0x56, 0x2f, 0xb6,
+ 0xf7, 0xf0, 0x0a, 0x87, 0x43, 0x07, 0x12, 0xdb,
+ 0x6d, 0xb6, 0x2b, 0x41, 0x8d, 0x2c, 0x3c, 0xa5,
+ 0xdd, 0x78, 0x9a, 0x8f, 0xab, 0x8e, 0xf2, 0x4a,
+ 0xc8, 0x34, 0x0c, 0x12, 0x4f, 0x11, 0x90, 0xc6,
+ 0xc2, 0xa5, 0xd0, 0xcd, 0xfb, 0xfc, 0x2c, 0x95,
+ 0x56, 0x82, 0xdf, 0x39, 0xf3, 0x3b, 0x1d, 0x62,
+ 0x26, 0x97, 0xb7, 0x93, 0x25, 0xc7, 0xec, 0x7e,
+ 0xf7,
+ /* e, */
+ 0x02, 0x03, 0x01, 0x00, 0x01, /* INTEGER, offset: 74, length: 3 */
+};
+
+static const uint8_t rsa_public_key_extra_elem[] = {
+ /* RSAPublicKey, length: 80 */
+ 0x30, 0x81, 0x50,
+ /* n, offset: 7, length: 65 */
+ 0x02, 0x41,
+ 0x00, 0xb9, 0xe1, 0x22, 0xdb, 0x56, 0x2f, 0xb6,
+ 0xf7, 0xf0, 0x0a, 0x87, 0x43, 0x07, 0x12, 0xdb,
+ 0x6d, 0xb6, 0x2b, 0x41, 0x8d, 0x2c, 0x3c, 0xa5,
+ 0xdd, 0x78, 0x9a, 0x8f, 0xab, 0x8e, 0xf2, 0x4a,
+ 0xc8, 0x34, 0x0c, 0x12, 0x4f, 0x11, 0x90, 0xc6,
+ 0xc2, 0xa5, 0xd0, 0xcd, 0xfb, 0xfc, 0x2c, 0x95,
+ 0x56, 0x82, 0xdf, 0x39, 0xf3, 0x3b, 0x1d, 0x62,
+ 0x26, 0x97, 0xb7, 0x93, 0x25, 0xc7, 0xec, 0x7e,
+ 0xf7,
+ /* e, offset: 74, length: 3 */
+ 0x02, 0x03, 0x01, 0x00, 0x01,
+ /* Additional integer field, length 3 */
+ 0x02, 0x06, 0xe1, 0x22, 0xdb, 0xe1, 0x22, 0xdb,
+};
+
+typedef struct QCryptoRSAKeyTestData QCryptoRSAKeyTestData;
+struct QCryptoRSAKeyTestData {
+ const char *path;
+ QCryptoAkCipherKeyType key_type;
+ QCryptoAkCipherOptions opt;
+ const uint8_t *key;
+ size_t keylen;
+ bool is_valid_key;
+ size_t exp_key_len;
+};
+
typedef struct QCryptoAkCipherTestData QCryptoAkCipherTestData;
struct QCryptoAkCipherTestData {
const char *path;
@@ -537,7 +689,98 @@ struct QCryptoAkCipherTestData {
size_t slen;
};
-static QCryptoAkCipherTestData test_data[] = {
+static QCryptoRSAKeyTestData rsakey_test_data[] = {
+ {
+ .path = "/crypto/akcipher/rsakey-1024-public",
+ .key_type = QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC,
+ .key = rsa1024_public_key,
+ .keylen = sizeof(rsa1024_public_key),
+ .is_valid_key = true,
+ .exp_key_len = 128,
+ },
+ {
+ .path = "/crypto/akcipher/rsakey-1024-private",
+ .key_type = QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE,
+ .key = rsa1024_private_key,
+ .keylen = sizeof(rsa1024_private_key),
+ .is_valid_key = true,
+ .exp_key_len = 128,
+ },
+ {
+ .path = "/crypto/akcipher/rsakey-2048-public",
+ .key_type = QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC,
+ .key = rsa2048_public_key,
+ .keylen = sizeof(rsa2048_public_key),
+ .is_valid_key = true,
+ .exp_key_len = 256,
+ },
+ {
+ .path = "/crypto/akcipher/rsakey-2048-private",
+ .key_type = QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE,
+ .key = rsa2048_private_key,
+ .keylen = sizeof(rsa2048_private_key),
+ .is_valid_key = true,
+ .exp_key_len = 256,
+ },
+ {
+ .path = "/crypto/akcipher/rsakey-public-lack-elem",
+ .key_type = QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC,
+ .key = rsa_public_key_lack_element,
+ .keylen = sizeof(rsa_public_key_lack_element),
+ .is_valid_key = false,
+ },
+ {
+ .path = "/crypto/akcipher/rsakey-private-lack-elem",
+ .key_type = QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE,
+ .key = rsa_private_key_lack_element,
+ .keylen = sizeof(rsa_private_key_lack_element),
+ .is_valid_key = false,
+ },
+ {
+ .path = "/crypto/akcipher/rsakey-public-empty-elem",
+ .key_type = QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC,
+ .key = rsa_public_key_empty_element,
+ .keylen = sizeof(rsa_public_key_empty_element),
+ .is_valid_key = false,
+ },
+ {
+ .path = "/crypto/akcipher/rsakey-private-empty-elem",
+ .key_type = QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE,
+ .key = rsa_private_key_empty_element,
+ .keylen = sizeof(rsa_private_key_empty_element),
+ .is_valid_key = false,
+ },
+ {
+ .path = "/crypto/akcipher/rsakey-public-empty-key",
+ .key_type = QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC,
+ .key = NULL,
+ .keylen = 0,
+ .is_valid_key = false,
+ },
+ {
+ .path = "/crypto/akcipher/rsakey-private-empty-key",
+ .key_type = QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE,
+ .key = NULL,
+ .keylen = 0,
+ .is_valid_key = false,
+ },
+ {
+ .path = "/crypto/akcipher/rsakey-public-invalid-length-val",
+ .key_type = QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC,
+ .key = rsa_public_key_invalid_length_val,
+ .keylen = sizeof(rsa_public_key_invalid_length_val),
+ .is_valid_key = false,
+ },
+ {
+ .path = "/crypto/akcipher/rsakey-public-extra-elem",
+ .key_type = QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC,
+ .key = rsa_public_key_extra_elem,
+ .keylen = sizeof(rsa_public_key_extra_elem),
+ .is_valid_key = false,
+ },
+};
+
+static QCryptoAkCipherTestData akcipher_test_data[] = {
/* rsa1024 with raw padding */
{
.path = "/crypto/akcipher/rsa1024-raw",
@@ -697,14 +940,50 @@ static void test_akcipher(const void *opaque)
qcrypto_akcipher_free(priv_key);
}
+static void test_rsakey(const void *opaque)
+{
+ const QCryptoRSAKeyTestData *data = (const QCryptoRSAKeyTestData *)opaque;
+ QCryptoAkCipherOptions opt = {
+ .alg = QCRYPTO_AKCIPHER_ALG_RSA,
+ .u.rsa = {
+ .padding_alg = QCRYPTO_RSA_PADDING_ALG_PKCS1,
+ .hash_alg = QCRYPTO_HASH_ALG_SHA1,
+ }
+ };
+ g_autoptr(QCryptoAkCipher) key = qcrypto_akcipher_new(
+ &opt, data->key_type, data->key, data->keylen, NULL);
+
+ if (!qcrypto_akcipher_supports(&opt)) {
+ return;
+ }
+
+ if (!data->is_valid_key) {
+ g_assert(key == NULL);
+ return;
+ }
+
+ g_assert(key != NULL);
+ g_assert(qcrypto_akcipher_max_ciphertext_len(key) == data->exp_key_len);
+ g_assert(qcrypto_akcipher_max_plaintext_len(key) == data->exp_key_len);
+ g_assert(qcrypto_akcipher_max_signature_len(key) == data->exp_key_len);
+ g_assert(qcrypto_akcipher_max_dgst_len(key) == data->exp_key_len);
+}
+
int main(int argc, char **argv)
{
size_t i;
g_test_init(&argc, &argv, NULL);
g_assert(qcrypto_init(NULL) == 0);
- for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
- g_test_add_data_func(test_data[i].path, &test_data[i], test_akcipher);
+ for (i = 0; i < G_N_ELEMENTS(akcipher_test_data); i++) {
+ g_test_add_data_func(akcipher_test_data[i].path,
+ &akcipher_test_data[i],
+ test_akcipher);
+ }
+ for (i = 0; i < G_N_ELEMENTS(rsakey_test_data); i++) {
+ g_test_add_data_func(rsakey_test_data[i].path,
+ &rsakey_test_data[i],
+ test_rsakey);
}
return g_test_run();
--
2.36.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PULL 0/7] crypto asymmetric cipher patches
2022-05-26 10:45 [PULL 0/7] crypto asymmetric cipher patches Daniel P. Berrangé
` (6 preceding siblings ...)
2022-05-26 10:45 ` [PULL 7/7] tests/crypto: Add test suite for RSA keys Daniel P. Berrangé
@ 2022-05-26 16:18 ` Richard Henderson
7 siblings, 0 replies; 9+ messages in thread
From: Richard Henderson @ 2022-05-26 16:18 UTC (permalink / raw)
To: Daniel P. Berrangé, qemu-devel; +Cc: Markus Armbruster, Eric Blake
On 5/26/22 03:45, Daniel P. Berrangé wrote:
> The following changes since commit 58b53669e87fed0d70903e05cd42079fbbdbc195:
>
> Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging (2022-05-25 13:46:29 -0700)
>
> are available in the Git repository at:
>
> https://gitlab.com/berrange/qemu tags/ak-pull-request
>
> for you to fetch changes up to f0cfb761bc6e590d648b759e6bdb8c946062b5f5:
>
> tests/crypto: Add test suite for RSA keys (2022-05-26 11:41:56 +0100)
>
> ----------------------------------------------------------------
> Merge asymmetric cipher crypto support
>
> This extends the internal crypto APIs to support the use of asymmetric
> ciphers.
Applied, thanks. Please update https://wiki.qemu.org/ChangeLog/7.1 as appropriate.
r~
>
> ----------------------------------------------------------------
>
> Lei He (6):
> qapi: crypto-akcipher: Introduce akcipher types to qapi
> crypto: add ASN.1 DER decoder
> crypto: Implement RSA algorithm by hogweed
> crypto: Implement RSA algorithm by gcrypt
> test/crypto: Add test suite for crypto akcipher
> tests/crypto: Add test suite for RSA keys
>
> Zhenwei Pi (1):
> crypto: Introduce akcipher crypto class
>
> crypto/akcipher-gcrypt.c.inc | 595 ++++++++++++++
> crypto/akcipher-nettle.c.inc | 451 +++++++++++
> crypto/akcipher.c | 108 +++
> crypto/akcipherpriv.h | 55 ++
> crypto/der.c | 189 +++++
> crypto/der.h | 81 ++
> crypto/meson.build | 6 +
> crypto/rsakey-builtin.c.inc | 200 +++++
> crypto/rsakey-nettle.c.inc | 158 ++++
> crypto/rsakey.c | 44 ++
> crypto/rsakey.h | 92 +++
> include/crypto/akcipher.h | 158 ++++
> meson.build | 11 +
> qapi/crypto.json | 64 ++
> tests/bench/benchmark-crypto-akcipher.c | 137 ++++
> tests/bench/meson.build | 1 +
> tests/bench/test_akcipher_keys.inc | 537 +++++++++++++
> tests/unit/meson.build | 2 +
> tests/unit/test-crypto-akcipher.c | 990 ++++++++++++++++++++++++
> tests/unit/test-crypto-der.c | 290 +++++++
> 20 files changed, 4169 insertions(+)
> create mode 100644 crypto/akcipher-gcrypt.c.inc
> create mode 100644 crypto/akcipher-nettle.c.inc
> create mode 100644 crypto/akcipher.c
> create mode 100644 crypto/akcipherpriv.h
> create mode 100644 crypto/der.c
> create mode 100644 crypto/der.h
> create mode 100644 crypto/rsakey-builtin.c.inc
> create mode 100644 crypto/rsakey-nettle.c.inc
> create mode 100644 crypto/rsakey.c
> create mode 100644 crypto/rsakey.h
> create mode 100644 include/crypto/akcipher.h
> create mode 100644 tests/bench/benchmark-crypto-akcipher.c
> create mode 100644 tests/bench/test_akcipher_keys.inc
> create mode 100644 tests/unit/test-crypto-akcipher.c
> create mode 100644 tests/unit/test-crypto-der.c
>
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2022-05-26 16:19 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-26 10:45 [PULL 0/7] crypto asymmetric cipher patches Daniel P. Berrangé
2022-05-26 10:45 ` [PULL 1/7] qapi: crypto-akcipher: Introduce akcipher types to qapi Daniel P. Berrangé
2022-05-26 10:45 ` [PULL 2/7] crypto: Introduce akcipher crypto class Daniel P. Berrangé
2022-05-26 10:45 ` [PULL 3/7] crypto: add ASN.1 DER decoder Daniel P. Berrangé
2022-05-26 10:45 ` [PULL 4/7] crypto: Implement RSA algorithm by hogweed Daniel P. Berrangé
2022-05-26 10:45 ` [PULL 5/7] crypto: Implement RSA algorithm by gcrypt Daniel P. Berrangé
2022-05-26 10:45 ` [PULL 6/7] test/crypto: Add test suite for crypto akcipher Daniel P. Berrangé
2022-05-26 10:45 ` [PULL 7/7] tests/crypto: Add test suite for RSA keys Daniel P. Berrangé
2022-05-26 16:18 ` [PULL 0/7] crypto asymmetric cipher patches Richard Henderson
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.