Add PEM support #587
Add PEM support #587
Commits on Aug 20, 2024
-
add OpenSSH Private Key decryption demo
Signed-off-by: Steffen Jaeckel <[email protected]>
-
Signed-off-by: Steffen Jaeckel <[email protected]>
-
Signed-off-by: Steffen Jaeckel <[email protected]>
-
Signed-off-by: Steffen Jaeckel <[email protected]>
-
re-factor openssh-privkey demo into library functions
This adds two new API functions * `pem_decode_openssh()` * `pem_decode_openssh_filehandle()` It also introduces the following two new types: * a new union type `ltc_pka_key` which can hold any PKA key type. * a `password_ctx` type with a callback to retrieve a password if necessary. Signed-off-by: Steffen Jaeckel <[email protected]>
-
Signed-off-by: Steffen Jaeckel <[email protected]>
-
Signed-off-by: Steffen Jaeckel <[email protected]>
-
Signed-off-by: Steffen Jaeckel <[email protected]>
-
Signed-off-by: Steffen Jaeckel <[email protected]>
-
Signed-off-by: Steffen Jaeckel <[email protected]>
-
add support for regular PEM files
This adds support to decode plain and encrypted PEM files. Either in OpenSSL specific format or PKCS#8 Signed-off-by: Steffen Jaeckel <[email protected]>
-
Signed-off-by: Steffen Jaeckel <[email protected]>
-
add DSA support to PEM decoder
Signed-off-by: Steffen Jaeckel <[email protected]>
-
Verify that the imported keys match
Signed-off-by: Steffen Jaeckel <[email protected]>
-
add file-iterator to
test_process_dir()Signed-off-by: Steffen Jaeckel <[email protected]>
-
also test FILE-based PEM API's
Signed-off-by: Steffen Jaeckel <[email protected]>
-
split-up into multiple C files
... and slightly optimize multiple things, e.g. `DEK-Info` decoding Signed-off-by: Steffen Jaeckel <[email protected]>
-
Signed-off-by: Steffen Jaeckel <[email protected]> # Conflicts: # src/pk/dh/dh_import.c # src/pk/dh/dh_set.c # src/pk/dh/dh_set_pg_dhparam.c
-
If someone wants to fix builds on MSVC, please step forward. Until then the library can still be used on Windows via `mingw-gcc`. Signed-off-by: Steffen Jaeckel <[email protected]>
-
* more `const` correctness * take `LTC_NO_FILE` into account * only declare `extern` variables where they're required * ensure keys don't contain stale data * ensure input arguments are valid * add `CRYPT_PW_CTX_MISSING` error code * fix documentation Signed-off-by: Steffen Jaeckel <[email protected]>
-
Signed-off-by: Steffen Jaeckel <[email protected]>
-
distinguish between Ed25519 and X25519
Signed-off-by: Steffen Jaeckel <[email protected]>
-
Add support for
aes256-ctrencrypted SSH keysSigned-off-by: Steffen Jaeckel <[email protected]>
-
Use the public key contained within the ssh key
Signed-off-by: Steffen Jaeckel <[email protected]>
-
Add "Enter passphrase" support to
openssh-privkeySigned-off-by: Steffen Jaeckel <[email protected]>
-
Refactor some of the ECC import internals
Signed-off-by: Steffen Jaeckel <[email protected]>
-
Add support for more algos of encrypted PEM files
Signed-off-by: Steffen Jaeckel <[email protected]>
-
-
Add support for importing PEM public keys
Signed-off-by: Steffen Jaeckel <[email protected]>
-
Per default support PEM line lengths up to 80 chars
Signed-off-by: Steffen Jaeckel <[email protected]>
-
Signed-off-by: Steffen Jaeckel <[email protected]>
-
Valgrind 3.15.0 on Ubuntu 20.04 reports a false positive [0] ``` ==7922== Conditional jump or move depends on uninitialised value(s) ==7922== at 0x461F0C: s_decode_header (pem_ssh.c:316) [...] ``` Simply suppress this false positive. [0] https://github.com/libtom/libtomcrypt/actions/runs/6507805191/job/17676616149?pr=587 Signed-off-by: Steffen Jaeckel <[email protected]>
-
Add support for more PEM file types + some fixes
Signed-off-by: Steffen Jaeckel <[email protected]>
-
Signed-off-by: Steffen Jaeckel <[email protected]>
-
Move password buffer into the library
The design before was not completely fine. The user had to allocate the buffer and passed ownership to the library. As of [0] this seems to be a problem in some environments. [0] #587 (comment) Signed-off-by: Steffen Jaeckel <[email protected]>
-
Make everything compile on MSVC
Signed-off-by: Steffen Jaeckel <[email protected]>
-
Revert "Move password buffer into the library"
This reverts commit d840323
-
Add
free()function topassword_ctxThe user can now pass a `free()` function pointer that will be used to free the memory that has been allocated by the `callback()`. If `free()` is NULL, the library will still call `XFREE()`. Signed-off-by: Steffen Jaeckel <[email protected]>
-
Add support for more types of encrypted PEM files
1. ChaCha20, two-key 3DES and DES-X encrypted OpenSSL PEM files 2. AES-GCM and Chacha20+Poly1305 encrypted SSH keys * OpenSSH uses a slightly different algorithm for its `[email protected]` than defined in the RFC. Therefore add an `openssh_compat` flag to `chacha20poly1305_state`. * Add the option to give a 16byte IV and no counter, when calling `chacha20poly1305_memory()` * Add support for DES-X Signed-off-by: Steffen Jaeckel <[email protected]>
-
Add support for reading
authorized_keysfilesThis also changes the requirements when calling `ecc_find_curve()` that the `cu` argument can be NULL. Signed-off-by: Steffen Jaeckel <[email protected]>
-
-
Fix
make tvs, addmake pr-checkFixup of 5ad1681 Signed-off-by: Steffen Jaeckel <[email protected]>
-
Signed-off-by: Steffen Jaeckel <[email protected]>
-
We can now also decrypt PEM files encrypted in CFB1 and CFB8 mode
Signed-off-by: Steffen Jaeckel <[email protected]>
