Add PEM support #587
Commits on Aug 20, 2024
add OpenSSH Private Key decryption demo
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit bee3ad2

Commit fec3d45

Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 2ff20d7

Signed-off-by: Steffen Jaeckel <[email protected]>
Commit e0046fb

Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 350fbc6

Commit a301ea1

re-factor openssh-privkey demo into library functions
This adds two new API functions
* `pem_decode_openssh()`
* `pem_decode_openssh_filehandle()`

It also introduces the following two new types:
* a new union type `ltc_pka_key` which can hold any PKA key type.
* a `password_ctx` type with a callback to retrieve a password if necessary.

Signed-off-by: Steffen Jaeckel <[email protected]>
Commit cf71fff

Commit 69c93a8

Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 35c306f

Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 18baa14

Signed-off-by: Steffen Jaeckel <[email protected]>
Commit b8cb13f

Signed-off-by: Steffen Jaeckel <[email protected]>
Commit e9f1db1

Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 3f6f885

add support for regular PEM files
This adds support to decode plain and encrypted PEM files. Either in OpenSSL specific format or PKCS#8
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit f036a47

Commit 370457f

Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 464c9b1

add DSA support to PEM decoder
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 22a952b

Verify that the imported keys match
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit d1e48df

add file-iterator to `test_process_dir()`
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit a76447f

also test FILE-based PEM APIs
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 3e981af

split-up into multiple C files
... and slightly optimize multiple things, e.g. `DEK-Info` decoding
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 87a1758

Signed-off-by: Steffen Jaeckel <[email protected]>
# Conflicts:
# src/pk/dh/dh_import.c
# src/pk/dh/dh_set.c
# src/pk/dh/dh_set_pg_dhparam.c
Commit 26fbebb

If someone wants to fix builds on MSVC, please step forward. Until then the library can still be used on Windows via `mingw-gcc`.
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 5523ead

* more `const` correctness
* take `LTC_NO_FILE` into account
* only declare `extern` variables where they're required
* ensure keys don't contain stale data
* ensure input arguments are valid
* add `CRYPT_PW_CTX_MISSING` error code
* fix documentation

Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 4e46f82

Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 6515822

Commit 39d4b08

distinguish between Ed25519 and X25519
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 661f584

Add support for `aes256-ctr` encrypted SSH keys
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 6c24c5c

Use the public key contained within the ssh key
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 9333d5c

Add "Enter passphrase" support to `openssh-privkey`
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 934abdd

Refactor some of the ECC import internals
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 5d86589

Add support for more algos of encrypted PEM files
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit f6497d2

Commit cda6211

Add support for importing PEM public keys
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 23eb8f9

Per default support PEM line lengths up to 80 chars
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 928c476

Signed-off-by: Steffen Jaeckel <[email protected]>
Commit ca7b4ee

Valgrind 3.15.0 on Ubuntu 20.04 reports a false positive [0]

```
==7922== Conditional jump or move depends on uninitialised value(s)
==7922==    at 0x461F0C: s_decode_header (pem_ssh.c:316)
[...]
```

Simply suppress this false positive.

[0] https://github.com/libtom/libtomcrypt/actions/runs/6507805191/job/17676616149?pr=587

Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 7b5d85d

Add support for more PEM file types + some fixes
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 8d19047

Signed-off-by: Steffen Jaeckel <[email protected]>
Commit fe3b3e6

Move password buffer into the library
The design before was not completely fine. The user had to allocate the buffer and passed ownership to the library. As of [0] this seems to be a problem in some environments.

[0] #587 (comment)

Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 03515d5

Make everything compile on MSVC
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 9db30df

Revert "Move password buffer into the library"
This reverts commit d840323
Commit 02cb0c4

Add `free()` function to `password_ctx`
The user can now pass a `free()` function pointer that will be used to free the memory that has been allocated by the `callback()`. If `free()` is NULL, the library will still call `XFREE()`.
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 9579022

Commit 65e05bf

Add support for more types of encrypted PEM files
1. ChaCha20, two-key 3DES and DES-X encrypted OpenSSL PEM files
2. AES-GCM and Chacha20+Poly1305 encrypted SSH keys

* OpenSSH uses a slightly different algorithm for its `chacha20-poly1305@openssh.com` than defined in the RFC. Therefore add an `openssh_compat` flag to `chacha20poly1305_state`.
* Add the option to give a 16byte IV and no counter, when calling `chacha20poly1305_memory()`
* Add support for DES-X

Signed-off-by: Steffen Jaeckel <[email protected]>
Commit c0be0aa

Add support for reading `authorized_keys` files
This also changes the requirements when calling `ecc_find_curve()` that the `cu` argument can be NULL.
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 478f43f

Commit ec8ffbb

Fix `make tvs`, add `make pr-check`
Fixup of 5ad1681
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 5dec1ee

Signed-off-by: Steffen Jaeckel <[email protected]>
Commit cf79fac

We can now also decrypt PEM files encrypted in CFB1 and CFB8 mode
Signed-off-by: Steffen Jaeckel <[email protected]>
Commit 2613264

Commit 2594f3a