-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Augment DES test cases with AES: pkparse pkcs8 #7039
Comments
Can I work on this? I would like to do my first open-source contribution. |
Yes please. It is labelled as "good-first-issue" thus suitable for a first contribution. If you do not have already done it, please have a look at README.md and CONTRIBUTING.md. Thanks. |
Thanks @ronald-cron-arm |
Please correct me if I am wrong(as it is my first contribution) for the steps needed to fix this as follows.
Where can I find this DES key which was used for the encryption of these RSA private keys? I need to decrypt the key first before re-encrypting it? Thanks! |
This looks overall inline with the issue description.
I would say rather to find the test cases using test-ca.key/.key.enc/ecpw* and to update their dependencies from MBEDTLS_DES_C to MBEDTLS_AES_C.
It seems the key is computed from the IV that is at the beginning of the file (DEK-Info ...) and the password PolarSSLTest: see "Parse RSA Key #2 (Correct password)" test case in test_suite_pkparse.data and the processing of mbedtls_pk_parse_keyfile() called by pk_parse_keyfile_rsa() in test_suite_pkparse.function. Finally to start with I would suggest to just work on test-ca.key, create a PR for that and go through the review process. |
Hello @ronald-cron-arm / @gilles-peskine-arm , can you please review #7416 . |
Most pkparse test cases for PKCS#1 and PKCS#8 encrypted key formats use DES, which is deprecated. The goal of this task is to write equivalent test cases using AES.
The test cases all use files in
tests/data_files
:The goal of this task is:
test-ca.key
,*.key.enc
andec*pw*
files: re-encrypt them using AES-128-CBC, keeping the same content (same EC key). Update the dependencies (MBEDTLS_DES_C
toMBEDTLS_AES_C
) of the corresponding test cases intest_suite_pkparse.data
, and intest_suite_x509write.data
fortest-ca.key
.rsa_pkcs1_*
files: nothing to do — there are already AES variants and corresponding test cases.rsa_pkcs8_*
files: create files encrypted with AES-128-CBC, keeping the same content. Add corresponding test cases intest_suite_pkparse.data
(copy the DES/3DES test cases, changing the file names toaes
and the dependencies toMBEDTLS_AES_C
).certs.c
(which is intests/src
indevelopment
, and inlibrary
inmbedtls-2.28
). Update them.Most of those files are generated through rules in
tests/data_files/Makefile
. Add or change rules for the AES files.The text was updated successfully, but these errors were encountered: