diff --git a/0001-Aarch64-and-ppc64le-use-lib64.patch b/0001-Aarch64-and-ppc64le-use-lib64.patch new file mode 100644 index 0000000000000000000000000000000000000000..e5d23ba762efc0dd6086e8562bad411dfd880aec --- /dev/null +++ b/0001-Aarch64-and-ppc64le-use-lib64.patch @@ -0,0 +1,33 @@ +From 603a35802319c0459737e3f067369ceb990fe2e6 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:01:41 +0200 +Subject: Aarch64 and ppc64le use lib64 + +(Was openssl-1.1.1-build.patch) +--- + Configurations/10-main.conf | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf +index d7580bf3e1..a7dbfd7f40 100644 +--- a/Configurations/10-main.conf ++++ b/Configurations/10-main.conf +@@ -723,6 +723,7 @@ my %targets = ( + lib_cppflags => add("-DL_ENDIAN"), + asm_arch => 'ppc64', + perlasm_scheme => "linux64le", ++ multilib => "64", + }, + + "linux-armv4" => { +@@ -765,6 +766,7 @@ my %targets = ( + inherit_from => [ "linux-generic64" ], + asm_arch => 'aarch64', + perlasm_scheme => "linux64", ++ multilib => "64", + }, + "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 + inherit_from => [ "linux-generic32" ], +-- +2.26.2 + diff --git a/0002-Use-more-general-default-values-in-openssl.cnf.patch b/0002-Use-more-general-default-values-in-openssl.cnf.patch new file mode 100644 index 0000000000000000000000000000000000000000..83ed599a64e1435a435e7a3b007bee4c3ec2b408 --- /dev/null +++ b/0002-Use-more-general-default-values-in-openssl.cnf.patch @@ -0,0 +1,68 @@ +From 41df9ae215cee9574e17e6f887c96a7c97d588f5 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:03:40 +0200 +Subject: Use more general default values in openssl.cnf + +Also set sha256 as default hash, although that should not be +necessary anymore. + +(was openssl-1.1.1-defaults.patch) +--- + apps/openssl.cnf | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/apps/openssl.cnf b/apps/openssl.cnf +index 97567a67be..eb25a0ac48 100644 +--- a/apps/openssl.cnf ++++ b/apps/openssl.cnf +@@ -104,7 +104,7 @@ cert_opt = ca_default # Certificate field options + + default_days = 365 # how long to certify for + default_crl_days= 30 # how long before next CRL +-default_md = default # use public key default MD ++default_md = sha256 # use SHA-256 by default + preserve = no # keep passed DN ordering + + # A few difference way of specifying how similar the request should look +@@ -136,6 +136,7 @@ emailAddress = optional + #################################################################### + [ req ] + default_bits = 2048 ++default_md = sha256 + default_keyfile = privkey.pem + distinguished_name = req_distinguished_name + attributes = req_attributes +@@ -158,17 +159,18 @@ string_mask = utf8only + + [ req_distinguished_name ] + countryName = Country Name (2 letter code) +-countryName_default = AU ++countryName_default = XX + countryName_min = 2 + countryName_max = 2 + + stateOrProvinceName = State or Province Name (full name) +-stateOrProvinceName_default = Some-State ++#stateOrProvinceName_default = Default Province + + localityName = Locality Name (eg, city) ++localityName_default = Default City + + 0.organizationName = Organization Name (eg, company) +-0.organizationName_default = Internet Widgits Pty Ltd ++0.organizationName_default = Default Company Ltd + + # we can do this but it is not needed normally :-) + #1.organizationName = Second Organization Name (eg, company) +@@ -177,7 +179,7 @@ localityName = Locality Name (eg, city) + organizationalUnitName = Organizational Unit Name (eg, section) + #organizationalUnitName_default = + +-commonName = Common Name (e.g. server FQDN or YOUR name) ++commonName = Common Name (eg, your name or your server\'s hostname) + commonName_max = 64 + + emailAddress = Email Address +-- +2.26.2 + diff --git a/0003-Do-not-install-html-docs.patch b/0003-Do-not-install-html-docs.patch new file mode 100644 index 0000000000000000000000000000000000000000..66d62e0c6ce012025a28c8ae1c259c09d26bfa1a --- /dev/null +++ b/0003-Do-not-install-html-docs.patch @@ -0,0 +1,26 @@ +From 3d5755df8d09ca841c0aca2d7344db060f6cc97f Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:05:55 +0200 +Subject: Do not install html docs + +(was openssl-1.1.1-no-html.patch) +--- + Configurations/unix-Makefile.tmpl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl +index 342e46d24d..9f369edf0e 100644 +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl +@@ -554,7 +554,7 @@ install_sw: install_dev install_engines install_modules install_runtime + + uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev + +-install_docs: install_man_docs install_html_docs ++install_docs: install_man_docs + + uninstall_docs: uninstall_man_docs uninstall_html_docs + $(RM) -r $(DESTDIR)$(DOCDIR) +-- +2.26.2 + diff --git a/0004-Override-default-paths-for-the-CA-directory-tree.patch b/0004-Override-default-paths-for-the-CA-directory-tree.patch new file mode 100644 index 0000000000000000000000000000000000000000..7c70c6045da158627125ff89935326ce538bd462 --- /dev/null +++ b/0004-Override-default-paths-for-the-CA-directory-tree.patch @@ -0,0 +1,73 @@ +From 6790960076742a9053c624e26fbb87fcd5789e27 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:17:26 +0200 +Subject: Override default paths for the CA directory tree + +Also add default section to load crypto-policies configuration +for TLS. + +It needs to be reverted before running tests. + +(was openssl-1.1.1-conf-paths.patch) +--- + apps/CA.pl.in | 2 +- + apps/openssl.cnf | 20 ++++++++++++++++++-- + 2 files changed, 19 insertions(+), 3 deletions(-) + +diff --git a/apps/CA.pl.in b/apps/CA.pl.in +index c0afb96716..d6a5fabd16 100644 +--- a/apps/CA.pl.in ++++ b/apps/CA.pl.in +@@ -29,7 +29,7 @@ my $X509 = "$openssl x509"; + my $PKCS12 = "$openssl pkcs12"; + + # Default values for various configuration settings. +-my $CATOP = "./demoCA"; ++my $CATOP = "/etc/pki/CA"; + my $CAKEY = "cakey.pem"; + my $CAREQ = "careq.pem"; + my $CACERT = "cacert.pem"; +diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha16/apps/openssl.cnf +--- openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls 2021-07-06 13:41:39.204978272 +0200 ++++ openssl-3.0.0-alpha16/apps/openssl.cnf 2021-07-06 13:49:50.362857683 +0200 +@@ -53,6 +53,8 @@ tsa_policy3 = 1.2.3.4.5.7 + + [openssl_init] + providers = provider_sect ++# Load default TLS policy configuration ++ssl_conf = ssl_module + + # List of providers to load + [provider_sect] +@@ -64,6 +66,13 @@ default = default_sect + [default_sect] + # activate = 1 + ++[ ssl_module ] ++ ++system_default = crypto_policy ++ ++[ crypto_policy ] ++ ++.include = /etc/crypto-policies/back-ends/opensslcnf.config + + #################################################################### + [ ca ] +@@ -72,7 +81,7 @@ default_ca = CA_default # The default c + #################################################################### + [ CA_default ] + +-dir = ./demoCA # Where everything is kept ++dir = /etc/pki/CA # Where everything is kept + certs = $dir/certs # Where the issued certs are kept + crl_dir = $dir/crl # Where the issued crl are kept + database = $dir/index.txt # database index file. +@@ -304,7 +313,7 @@ default_tsa = tsa_config1 # the default + [ tsa_config1 ] + + # These are used by the TSA reply generation only. +-dir = ./demoCA # TSA root directory ++dir = /etc/pki/CA # TSA root directory + serial = $dir/tsaserial # The current serial number (mandatory) + crypto_device = builtin # OpenSSL engine to use for signing + signer_cert = $dir/tsacert.pem # The TSA signing certificate diff --git a/0005-apps-ca-fix-md-option-help-text.patch b/0005-apps-ca-fix-md-option-help-text.patch new file mode 100644 index 0000000000000000000000000000000000000000..1fed4c4619c7b8445c28bca7cb4eb9348ba7233e --- /dev/null +++ b/0005-apps-ca-fix-md-option-help-text.patch @@ -0,0 +1,28 @@ +From 3d8fa9859501b07e02b76b5577e2915d5851e927 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:27:18 +0200 +Subject: apps/ca: fix md option help text + +upstreamable + +(was openssl-1.1.1-apps-dgst.patch) +--- + apps/ca.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/apps/ca.c b/apps/ca.c +index 0f21b4fa1c..3d4b2c1673 100755 +--- a/apps/ca.c ++++ b/apps/ca.c +@@ -209,7 +209,7 @@ const OPTIONS ca_options[] = { + {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"}, + + OPT_SECTION("Signing"), +- {"md", OPT_MD, 's', "Digest to use, such as sha256"}, ++ {"md", OPT_MD, 's', "Digest to use, such as sha256; see openssl help for list"}, + {"keyfile", OPT_KEYFILE, 's', "The CA private key"}, + {"keyform", OPT_KEYFORM, 'f', + "Private key file format (ENGINE, other values ignored)"}, +-- +2.26.2 + diff --git a/0006-Disable-signature-verification-with-totally-unsafe-h.patch b/0006-Disable-signature-verification-with-totally-unsafe-h.patch new file mode 100644 index 0000000000000000000000000000000000000000..f9dd2ddb1144cf752a1534ce24e72d308dcd1db7 --- /dev/null +++ b/0006-Disable-signature-verification-with-totally-unsafe-h.patch @@ -0,0 +1,29 @@ +From 3f9deff30ae6efbfe979043b00cdf649b39793c0 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:51:34 +0200 +Subject: Disable signature verification with totally unsafe hash algorithms + +(was openssl-1.1.1-no-weak-verify.patch) +--- + crypto/asn1/a_verify.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c +index b7eed914b0..af62f0ef08 100644 +--- a/crypto/asn1/a_verify.c ++++ b/crypto/asn1/a_verify.c +@@ -152,6 +152,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, + ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); + if (ret <= 1) + goto err; ++ } else if ((mdnid == NID_md5 ++ && ossl_safe_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) || ++ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) { ++ ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); ++ goto err; + } else { + const EVP_MD *type = NULL; + +-- +2.26.2 + diff --git a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch new file mode 100644 index 0000000000000000000000000000000000000000..9917fcfb66063ce76ebd9d1358fb28f95a4cfb26 --- /dev/null +++ b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch @@ -0,0 +1,323 @@ +From 736d709ec194b3a763e004696df22792c62a11fc Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 10:16:46 +0200 +Subject: Add support for PROFILE=SYSTEM system default cipherlist + +(was openssl-1.1.1-system-cipherlist.patch) +--- + Configurations/unix-Makefile.tmpl | 5 ++ + Configure | 10 +++- + doc/man1/openssl-ciphers.pod.in | 9 ++++ + include/openssl/ssl.h.in | 5 ++ + ssl/ssl_ciph.c | 88 +++++++++++++++++++++++++++---- + ssl/ssl_lib.c | 4 +- + test/cipherlist_test.c | 2 + + util/libcrypto.num | 1 + + 8 files changed, 110 insertions(+), 14 deletions(-) + +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl +index 9f369edf0e..c52389f831 100644 +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl +@@ -269,6 +269,10 @@ MANDIR=$(INSTALLTOP)/share/man + DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) + HTMLDIR=$(DOCDIR)/html + ++{- output_off() if $config{system_ciphers_file} eq ""; "" -} ++SYSTEM_CIPHERS_FILE_DEFINE=-DSYSTEM_CIPHERS_FILE="\"{- $config{system_ciphers_file} -}\"" ++{- output_on() if $config{system_ciphers_file} eq ""; "" -} ++ + # MANSUFFIX is for the benefit of anyone who may want to have a suffix + # appended after the manpage file section number. "ssl" is popular, + # resulting in files such as config.5ssl rather than config.5. +@@ -292,6 +296,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -} + CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -} + CPPFLAGS={- our $cppflags1 = join(" ", + (map { "-D".$_} @{$config{CPPDEFINES}}), ++ "\$(SYSTEM_CIPHERS_FILE_DEFINE)", + (map { "-I".$_} @{$config{CPPINCLUDES}}), + @{$config{CPPFLAGS}}) -} + CFLAGS={- join(' ', @{$config{CFLAGS}}) -} +diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in +index b4ed3e51d5..2122e6bdfd 100644 +--- a/doc/man1/openssl-ciphers.pod.in ++++ b/doc/man1/openssl-ciphers.pod.in +@@ -187,6 +187,15 @@ As of OpenSSL 1.0.0, the B cipher suites are sensibly ordered by default. + + The cipher suites not enabled by B, currently B. + ++=item B ++ ++The list of enabled cipher suites will be loaded from the system crypto policy ++configuration file B. ++See also L. ++This is the default behavior unless an application explicitly sets a cipher ++list. If used in a cipher list configuration value this string must be at the ++beginning of the cipher list, otherwise it will not be recognized. ++ + =item B + + "High" encryption cipher suites. This currently means those with key lengths +diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in +index f9a61609e4..c6f95fed3f 100644 +--- a/include/openssl/ssl.h.in ++++ b/include/openssl/ssl.h.in +@@ -209,6 +209,11 @@ extern "C" { + * throwing out anonymous and unencrypted ciphersuites! (The latter are not + * actually enabled by ALL, but "ALL:RSA" would enable some of them.) + */ ++# ifdef SYSTEM_CIPHERS_FILE ++# define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM" ++# else ++# define SSL_SYSTEM_DEFAULT_CIPHER_LIST OSSL_default_cipher_list() ++# endif + + /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ + # define SSL_SENT_SHUTDOWN 1 +diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c +index b1d3f7919e..f7cc7fed48 100644 +--- a/ssl/ssl_ciph.c ++++ b/ssl/ssl_ciph.c +@@ -1411,6 +1411,53 @@ int SSL_set_ciphersuites(SSL *s, const char *str) + return ret; + } + ++#ifdef SYSTEM_CIPHERS_FILE ++static char *load_system_str(const char *suffix) ++{ ++ FILE *fp; ++ char buf[1024]; ++ char *new_rules; ++ const char *ciphers_path; ++ unsigned len, slen; ++ ++ if ((ciphers_path = ossl_safe_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL) ++ ciphers_path = SYSTEM_CIPHERS_FILE; ++ fp = fopen(ciphers_path, "r"); ++ if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) { ++ /* cannot open or file is empty */ ++ snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST); ++ } ++ ++ if (fp) ++ fclose(fp); ++ ++ slen = strlen(suffix); ++ len = strlen(buf); ++ ++ if (buf[len - 1] == '\n') { ++ len--; ++ buf[len] = 0; ++ } ++ if (buf[len - 1] == '\r') { ++ len--; ++ buf[len] = 0; ++ } ++ ++ new_rules = OPENSSL_malloc(len + slen + 1); ++ if (new_rules == 0) ++ return NULL; ++ ++ memcpy(new_rules, buf, len); ++ if (slen > 0) { ++ memcpy(&new_rules[len], suffix, slen); ++ len += slen; ++ } ++ new_rules[len] = 0; ++ ++ return new_rules; ++} ++#endif ++ + STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, + STACK_OF(SSL_CIPHER) *tls13_ciphersuites, + STACK_OF(SSL_CIPHER) **cipher_list, +@@ -1425,15 +1472,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, + CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; + const SSL_CIPHER **ca_list = NULL; + const SSL_METHOD *ssl_method = ctx->method; ++#ifdef SYSTEM_CIPHERS_FILE ++ char *new_rules = NULL; ++ ++ if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) { ++ char *p = rule_str + 14; ++ ++ new_rules = load_system_str(p); ++ rule_str = new_rules; ++ } ++#endif + + /* + * Return with error if nothing to do. + */ + if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) +- return NULL; ++ goto err; + + if (!check_suiteb_cipher_list(ssl_method, c, &rule_str)) +- return NULL; ++ goto err; + + /* + * To reduce the work to do we only want to process the compiled +@@ -1456,7 +1513,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, + co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); + if (co_list == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); +- return NULL; /* Failure */ ++ goto err; + } + + ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, +@@ -1522,8 +1579,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, + * in force within each class + */ + if (!ssl_cipher_strength_sort(&head, &tail)) { +- OPENSSL_free(co_list); +- return NULL; ++ goto err; + } + + /* +@@ -1568,9 +1624,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, + num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; + ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); + if (ca_list == NULL) { +- OPENSSL_free(co_list); + ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); +- return NULL; /* Failure */ ++ goto err; + } + ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, + disabled_mkey, disabled_auth, disabled_enc, +@@ -1596,8 +1651,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, + OPENSSL_free(ca_list); /* Not needed anymore */ + + if (!ok) { /* Rule processing failure */ +- OPENSSL_free(co_list); +- return NULL; ++ goto err; + } + + /* +@@ -1605,10 +1659,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, + * if we cannot get one. + */ + if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { +- OPENSSL_free(co_list); +- return NULL; ++ goto err; + } + ++#ifdef SYSTEM_CIPHERS_FILE ++ OPENSSL_free(new_rules); /* Not needed anymore */ ++#endif ++ + /* Add TLSv1.3 ciphers first - we always prefer those if possible */ + for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { + const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i); +@@ -1656,6 +1714,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, + *cipher_list = cipherstack; + + return cipherstack; ++ ++err: ++ OPENSSL_free(co_list); ++#ifdef SYSTEM_CIPHERS_FILE ++ OPENSSL_free(new_rules); ++#endif ++ return NULL; ++ + } + + char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) +diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c +index d14d5819ba..48d491219a 100644 +--- a/ssl/ssl_lib.c ++++ b/ssl/ssl_lib.c +@@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) + ctx->tls13_ciphersuites, + &(ctx->cipher_list), + &(ctx->cipher_list_by_id), +- OSSL_default_cipher_list(), ctx->cert); ++ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert); + if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { + ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); + return 0; +@@ -3193,7 +3193,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, + if (!ssl_create_cipher_list(ret, + ret->tls13_ciphersuites, + &ret->cipher_list, &ret->cipher_list_by_id, +- OSSL_default_cipher_list(), ret->cert) ++ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert) + || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { + ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS); + goto err2; +diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c +index 380f0727fc..6922a87c30 100644 +--- a/test/cipherlist_test.c ++++ b/test/cipherlist_test.c +@@ -244,7 +244,9 @@ end: + + int setup_tests(void) + { ++#ifndef SYSTEM_CIPHERS_FILE + ADD_TEST(test_default_cipherlist_implicit); ++#endif + ADD_TEST(test_default_cipherlist_explicit); + ADD_TEST(test_default_cipherlist_clear); + return 1; +diff --git a/util/libcrypto.num b/util/libcrypto.num +index 404a706fab..e81fa9ec3e 100644 +--- a/util/libcrypto.num ++++ b/util/libcrypto.num +@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION: + ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION: + EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION: + EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: ++ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: +-- +2.26.2 + +diff -up openssl-3.0.0-beta1/Configure.sys-default openssl-3.0.0-beta1/Configure +--- openssl-3.0.0-beta1/Configure.sys-default 2021-06-29 11:47:58.978144386 +0200 ++++ openssl-3.0.0-beta1/Configure 2021-06-29 11:52:01.631126260 +0200 +@@ -27,7 +27,7 @@ use OpenSSL::config; + my $orig_death_handler = $SIG{__DIE__}; + $SIG{__DIE__} = \&death_handler; + +-my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; ++my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; + + my $banner = <<"EOF"; + +@@ -61,6 +61,10 @@ EOF + # given with --prefix. + # This becomes the value of OPENSSLDIR in Makefile and in C. + # (Default: PREFIX/ssl) ++# ++# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM ++# cipher is specified (default). ++# + # --banner=".." Output specified text instead of default completion banner + # + # -w Don't wait after showing a Configure warning +@@ -385,6 +389,7 @@ $config{prefix}=""; + $config{openssldir}=""; + $config{processor}=""; + $config{libdir}=""; ++$config{system_ciphers_file}=""; + my $auto_threads=1; # enable threads automatically? true by default + my $default_ranlib; + +@@ -987,6 +992,10 @@ while (@argvcopy) + die "FIPS key too long (64 bytes max)\n" + if length $1 > 64; + } ++ elsif (/^--system-ciphers-file=(.*)$/) ++ { ++ $config{system_ciphers_file}=$1; ++ } + elsif (/^--banner=(.*)$/) + { + $banner = $1 . "\n"; diff --git a/0008-Add-FIPS_mode-compatibility-macro.patch b/0008-Add-FIPS_mode-compatibility-macro.patch new file mode 100644 index 0000000000000000000000000000000000000000..0fac4ebfe91a2d2ad2fd27b07f42085d8e40a29b --- /dev/null +++ b/0008-Add-FIPS_mode-compatibility-macro.patch @@ -0,0 +1,87 @@ +From 5b2ec9a54037d7b007324bf53e067e73511cdfe4 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 26 Nov 2020 14:00:16 +0100 +Subject: Add FIPS_mode() compatibility macro + +The macro calls EVP_default_properties_is_fips_enabled() on the +default context. +--- + include/openssl/crypto.h.in | 1 + + include/openssl/fips.h | 25 +++++++++++++++++++++++++ + test/property_test.c | 13 +++++++++++++ + 3 files changed, 39 insertions(+) + create mode 100644 include/openssl/fips.h + +diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in +index 1036da9a2b..9d4896fcaf 100644 +--- a/include/openssl/crypto.h.in ++++ b/include/openssl/crypto.h.in +@@ -38,6 +38,7 @@ use OpenSSL::stackhash qw(generate_stack_macros); + # include + # include + # include ++# include + + # ifdef CHARSET_EBCDIC + # include +diff --git a/include/openssl/fips.h b/include/openssl/fips.h +new file mode 100644 +index 0000000000..c64f0f8e8f +--- /dev/null ++++ b/include/openssl/fips.h +@@ -0,0 +1,25 @@ ++/* ++ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the Apache License 2.0 (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#ifndef OPENSSL_FIPS_H ++# define OPENSSL_FIPS_H ++# pragma once ++ ++# include ++ ++# ifdef __cplusplus ++extern "C" { ++# endif ++ ++# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL) ++ ++# ifdef __cplusplus ++} ++# endif ++#endif +diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1/test/property_test.c +--- openssl-3.0.0-beta1/test/property_test.c.fips-macro 2021-06-29 12:14:58.851557698 +0200 ++++ openssl-3.0.0-beta1/test/property_test.c 2021-06-29 12:17:14.630143832 +0200 +@@ -488,6 +488,18 @@ static int test_property_list_to_string( + return ret; + } + ++static int test_downstream_FIPS_mode(void) ++{ ++ int ret = 0; ++ ++ ret = TEST_true(EVP_set_default_properties(NULL, "fips=yes")) ++ && TEST_true(FIPS_mode()) ++ && TEST_true(EVP_set_default_properties(NULL, "fips=no")) ++ && TEST_false(FIPS_mode()); ++ ++ return ret; ++} ++ + int setup_tests(void) + { + ADD_TEST(test_property_string); +@@ -500,6 +512,7 @@ int setup_tests(void) + ADD_TEST(test_property); + ADD_TEST(test_query_cache_stochastic); + ADD_TEST(test_fips_mode); ++ ADD_TEST(test_downstream_FIPS_mode); + ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests)); + return 1; + } diff --git a/0009-Add-Kernel-FIPS-mode-flag-support.patch b/0009-Add-Kernel-FIPS-mode-flag-support.patch new file mode 100644 index 0000000000000000000000000000000000000000..01bd840a0f96b41c8657f4121cc896f1bd449fa8 --- /dev/null +++ b/0009-Add-Kernel-FIPS-mode-flag-support.patch @@ -0,0 +1,71 @@ +diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha13/crypto/context.c +--- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100 ++++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100 +@@ -12,11 +12,46 @@ + #include "internal/bio.h" + #include "internal/provider.h" + ++# include ++# include ++# include ++# include ++# include ++ + struct ossl_lib_ctx_onfree_list_st { + ossl_lib_ctx_onfree_fn *fn; + struct ossl_lib_ctx_onfree_list_st *next; + }; + ++# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled" ++ ++static int kernel_fips_flag; ++ ++static void read_kernel_fips_flag(void) ++{ ++ char buf[2] = "0"; ++ int fd; ++ ++ if (ossl_safe_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { ++ buf[0] = '1'; ++ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { ++ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; ++ close(fd); ++ } ++ ++ if (buf[0] == '1') { ++ kernel_fips_flag = 1; ++ } ++ ++ return; ++} ++ ++int ossl_get_kernel_fips_flag() ++{ ++ return kernel_fips_flag; ++} ++ ++ + struct ossl_lib_ctx_st { + CRYPTO_RWLOCK *lock; + CRYPTO_EX_DATA data; +@@ -121,6 +170,7 @@ static CRYPTO_THREAD_LOCAL default_conte + + DEFINE_RUN_ONCE_STATIC(default_context_do_init) + { ++ read_kernel_fips_flag(); + return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL) + && context_init(&default_context_int); + } +diff -up openssl-3.0.1/include/internal/provider.h.embed-fips openssl-3.0.1/include/internal/provider.h +--- openssl-3.0.1/include/internal/provider.h.embed-fips 2022-01-11 13:13:08.323238760 +0100 ++++ openssl-3.0.1/include/internal/provider.h 2022-01-11 13:13:43.522558909 +0100 +@@ -110,6 +110,9 @@ int ossl_provider_init_as_child(OSSL_LIB + const OSSL_DISPATCH *in); + void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx); + ++/* FIPS flag access */ ++int ossl_get_kernel_fips_flag(void); ++ + # ifdef __cplusplus + } + # endif diff --git a/0011-Remove-EC-curves.patch b/0011-Remove-EC-curves.patch new file mode 100644 index 0000000000000000000000000000000000000000..51c9d23b8734d1996d6fa5b2293bb40ec7f537ba --- /dev/null +++ b/0011-Remove-EC-curves.patch @@ -0,0 +1,5013 @@ +diff -up openssl-3.0.0-alpha13/apps/speed.c.ec-curves openssl-3.0.0-alpha13/apps/speed.c +--- openssl-3.0.0-alpha13/apps/speed.c.ec-curves 2021-04-10 12:12:00.620129302 +0200 ++++ openssl-3.0.0-alpha13/apps/speed.c 2021-04-10 12:18:11.872369417 +0200 +@@ -364,68 +364,23 @@ static double ffdh_results[FFDH_NUM][1]; + #endif /* OPENSSL_NO_DH */ + + enum ec_curves_t { +- R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, +-#ifndef OPENSSL_NO_EC2M +- R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571, +- R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571, +-#endif +- R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1, +- R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM ++ R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, ++ ECDSA_NUM + }; + /* list of ecdsa curves */ + static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = { +- {"ecdsap160", R_EC_P160}, +- {"ecdsap192", R_EC_P192}, + {"ecdsap224", R_EC_P224}, + {"ecdsap256", R_EC_P256}, + {"ecdsap384", R_EC_P384}, + {"ecdsap521", R_EC_P521}, +-#ifndef OPENSSL_NO_EC2M +- {"ecdsak163", R_EC_K163}, +- {"ecdsak233", R_EC_K233}, +- {"ecdsak283", R_EC_K283}, +- {"ecdsak409", R_EC_K409}, +- {"ecdsak571", R_EC_K571}, +- {"ecdsab163", R_EC_B163}, +- {"ecdsab233", R_EC_B233}, +- {"ecdsab283", R_EC_B283}, +- {"ecdsab409", R_EC_B409}, +- {"ecdsab571", R_EC_B571}, +-#endif +- {"ecdsabrp256r1", R_EC_BRP256R1}, +- {"ecdsabrp256t1", R_EC_BRP256T1}, +- {"ecdsabrp384r1", R_EC_BRP384R1}, +- {"ecdsabrp384t1", R_EC_BRP384T1}, +- {"ecdsabrp512r1", R_EC_BRP512R1}, +- {"ecdsabrp512t1", R_EC_BRP512T1} + }; + enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM }; + /* list of ecdh curves, extension of |ecdsa_choices| list above */ + static const OPT_PAIR ecdh_choices[EC_NUM] = { +- {"ecdhp160", R_EC_P160}, +- {"ecdhp192", R_EC_P192}, + {"ecdhp224", R_EC_P224}, + {"ecdhp256", R_EC_P256}, + {"ecdhp384", R_EC_P384}, + {"ecdhp521", R_EC_P521}, +-#ifndef OPENSSL_NO_EC2M +- {"ecdhk163", R_EC_K163}, +- {"ecdhk233", R_EC_K233}, +- {"ecdhk283", R_EC_K283}, +- {"ecdhk409", R_EC_K409}, +- {"ecdhk571", R_EC_K571}, +- {"ecdhb163", R_EC_B163}, +- {"ecdhb233", R_EC_B233}, +- {"ecdhb283", R_EC_B283}, +- {"ecdhb409", R_EC_B409}, +- {"ecdhb571", R_EC_B571}, +-#endif +- {"ecdhbrp256r1", R_EC_BRP256R1}, +- {"ecdhbrp256t1", R_EC_BRP256T1}, +- {"ecdhbrp384r1", R_EC_BRP384R1}, +- {"ecdhbrp384t1", R_EC_BRP384T1}, +- {"ecdhbrp512r1", R_EC_BRP512R1}, +- {"ecdhbrp512t1", R_EC_BRP512T1}, + {"ecdhx25519", R_EC_X25519}, + {"ecdhx448", R_EC_X448} + }; +@@ -1449,31 +1404,10 @@ int speed_main(int argc, char **argv) + */ + static const EC_CURVE ec_curves[EC_NUM] = { + /* Prime Curves */ +- {"secp160r1", NID_secp160r1, 160}, +- {"nistp192", NID_X9_62_prime192v1, 192}, + {"nistp224", NID_secp224r1, 224}, + {"nistp256", NID_X9_62_prime256v1, 256}, + {"nistp384", NID_secp384r1, 384}, + {"nistp521", NID_secp521r1, 521}, +-#ifndef OPENSSL_NO_EC2M +- /* Binary Curves */ +- {"nistk163", NID_sect163k1, 163}, +- {"nistk233", NID_sect233k1, 233}, +- {"nistk283", NID_sect283k1, 283}, +- {"nistk409", NID_sect409k1, 409}, +- {"nistk571", NID_sect571k1, 571}, +- {"nistb163", NID_sect163r2, 163}, +- {"nistb233", NID_sect233r1, 233}, +- {"nistb283", NID_sect283r1, 283}, +- {"nistb409", NID_sect409r1, 409}, +- {"nistb571", NID_sect571r1, 571}, +-#endif +- {"brainpoolP256r1", NID_brainpoolP256r1, 256}, +- {"brainpoolP256t1", NID_brainpoolP256t1, 256}, +- {"brainpoolP384r1", NID_brainpoolP384r1, 384}, +- {"brainpoolP384t1", NID_brainpoolP384t1, 384}, +- {"brainpoolP512r1", NID_brainpoolP512r1, 512}, +- {"brainpoolP512t1", NID_brainpoolP512t1, 512}, + /* Other and ECDH only ones */ + {"X25519", NID_X25519, 253}, + {"X448", NID_X448, 448} +diff -up openssl-3.0.0-alpha13/test/ecdsatest.h.ec-curves openssl-3.0.0-alpha13/test/ecdsatest.h +--- openssl-3.0.0-alpha13/test/ecdsatest.h.ec-curves 2021-04-10 12:07:43.158013028 +0200 ++++ openssl-3.0.0-alpha13/test/ecdsatest.h 2021-04-10 12:11:21.601828737 +0200 +@@ -32,23 +32,6 @@ typedef struct { + } ecdsa_cavs_kat_t; + + static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = { +- /* prime KATs from X9.62 */ +- {NID_X9_62_prime192v1, NID_sha1, +- "616263", /* "abc" */ +- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb", +- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e" +- "5ca5c0d69716dfcb3474373902", +- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e", +- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead", +- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"}, +- {NID_X9_62_prime239v1, NID_sha1, +- "616263", /* "abc" */ +- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d", +- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e" +- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee", +- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af", +- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0", +- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"}, + /* prime KATs from NIST CAVP */ + {NID_secp224r1, NID_sha224, + "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1" +diff -up openssl-3.0.0-alpha13/test/recipes/15-test_genec.t.ec-curves openssl-3.0.0-alpha13/test/recipes/15-test_genec.t +--- openssl-3.0.0-alpha13/test/recipes/15-test_genec.t.ec-curves 2021-04-10 11:59:37.453332668 +0200 ++++ openssl-3.0.0-alpha13/test/recipes/15-test_genec.t 2021-04-10 12:03:43.363538976 +0200 +@@ -41,45 +41,11 @@ plan skip_all => "This test is unsupport + if disabled("ec"); + + my @prime_curves = qw( +- secp112r1 +- secp112r2 +- secp128r1 +- secp128r2 +- secp160k1 +- secp160r1 +- secp160r2 +- secp192k1 +- secp224k1 + secp224r1 + secp256k1 + secp384r1 + secp521r1 +- prime192v1 +- prime192v2 +- prime192v3 +- prime239v1 +- prime239v2 +- prime239v3 + prime256v1 +- wap-wsg-idm-ecid-wtls6 +- wap-wsg-idm-ecid-wtls7 +- wap-wsg-idm-ecid-wtls8 +- wap-wsg-idm-ecid-wtls9 +- wap-wsg-idm-ecid-wtls12 +- brainpoolP160r1 +- brainpoolP160t1 +- brainpoolP192r1 +- brainpoolP192t1 +- brainpoolP224r1 +- brainpoolP224t1 +- brainpoolP256r1 +- brainpoolP256t1 +- brainpoolP320r1 +- brainpoolP320t1 +- brainpoolP384r1 +- brainpoolP384t1 +- brainpoolP512r1 +- brainpoolP512t1 + ); + + my @binary_curves = qw( +@@ -136,7 +102,6 @@ push(@other_curves, 'SM2') + if !disabled("sm2"); + + my @curve_aliases = qw( +- P-192 + P-224 + P-256 + P-384 +diff -up openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t.ec-curves openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t +--- openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t.ec-curves 2021-04-10 12:40:59.871858764 +0200 ++++ openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t 2021-04-10 12:41:41.140455070 +0200 +@@ -33,7 +33,7 @@ my %certs_info = + 'ee-cert-ec-named-explicit' => 'ca-cert-ec-explicit', + 'ee-cert-ec-named-named' => 'ca-cert-ec-named', + # 'server-ed448-cert' => 'root-ed448-cert' +- 'server-ecdsa-brainpoolP256r1-cert' => 'rootcert', ++ # 'server-ecdsa-brainpoolP256r1-cert' => 'rootcert', + ) + ) + ); +diff -up openssl-3.0.0-alpha13/test/recipes/15-test_ec.t.ec-curves openssl-3.0.0-alpha13/test/recipes/15-test_ec.t +diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t +diff -up openssl-3.0.0-alpha13/test/recipes/30-test_acvp.t.ec-curves openssl-3.0.0-alpha13/test/recipes/30-test_acvp.t +diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf +--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves 2021-04-10 13:21:52.123040226 +0200 ++++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf 2021-04-10 13:28:20.856023985 +0200 +@@ -776,14 +776,12 @@ server = 22-ECDSA with brainpool-server + client = 22-ECDSA with brainpool-client + + [22-ECDSA with brainpool-server] +-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem ++Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem + CipherString = DEFAULT +-Groups = brainpoolP256r1 +-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem ++PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem + + [22-ECDSA with brainpool-client] + CipherString = aECDSA +-Groups = brainpoolP256r1 + MaxProtocol = TLSv1.2 + RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -791,9 +789,6 @@ VerifyMode = Peer + + [test-22] + ExpectedResult = Success +-ExpectedServerCANames = empty +-ExpectedServerCertType = brainpoolP256r1 +-ExpectedServerSignType = EC + + + # =========================================================== +@@ -1741,9 +1736,9 @@ server = 53-TLS 1.3 ECDSA with brainpool + client = 53-TLS 1.3 ECDSA with brainpool-client + + [53-TLS 1.3 ECDSA with brainpool-server] +-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem ++Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem + CipherString = DEFAULT +-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem ++PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem + + [53-TLS 1.3 ECDSA with brainpool-client] + CipherString = DEFAULT +@@ -1754,7 +1749,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro + VerifyMode = Peer + + [test-53] +-ExpectedResult = ServerFail ++ExpectedResult = Success + + + # =========================================================== +diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in +--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves 2021-04-10 13:22:06.275221662 +0200 ++++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in 2021-04-10 13:35:18.774623319 +0200 +@@ -428,21 +428,21 @@ my @tests_non_fips = ( + { + name => "ECDSA with brainpool", + server => { +- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), +- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), +- "Groups" => "brainpoolP256r1", ++ "Certificate" => test_pem("server-ecdsa-cert.pem"), ++ "PrivateKey" => test_pem("server-ecdsa-key.pem"), ++ #"Groups" => "brainpoolP256r1", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "aECDSA", + "RequestCAFile" => test_pem("root-cert.pem"), +- "Groups" => "brainpoolP256r1", ++ #"Groups" => "brainpoolP256r1", + }, + test => { +- "ExpectedServerCertType" =>, "brainpoolP256r1", +- "ExpectedServerSignType" =>, "EC", ++ #"ExpectedServerCertType" =>, "brainpoolP256r1", ++ #"ExpectedServerSignType" =>, "EC", + # Note: certificate_authorities not sent for TLS < 1.3 +- "ExpectedServerCANames" =>, "empty", ++ #"ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, +@@ -915,8 +915,8 @@ my @tests_tls_1_3_non_fips = ( + { + name => "TLS 1.3 ECDSA with brainpool", + server => { +- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), +- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), ++ "Certificate" => test_pem("server-ecdsa-cert.pem"), ++ "PrivateKey" => test_pem("server-ecdsa-key.pem"), + }, + client => { + "RequestCAFile" => test_pem("root-cert.pem"), +@@ -924,7 +924,7 @@ my @tests_tls_1_3_non_fips = ( + "MaxProtocol" => "TLSv1.3" + }, + test => { +- "ExpectedResult" => "ServerFail" ++ "ExpectedResult" => "Success" + }, + }, + ); +diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t +--- openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves 2021-04-10 14:00:22.482782216 +0200 ++++ openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t 2021-04-10 14:08:50.769727651 +0200 +@@ -158,60 +158,6 @@ sub tsignverify { + $testtext); + } + +-SKIP : { +- skip "FIPS EC tests because of no ec in this build", 1 +- if disabled("ec"); +- +- subtest EC => sub { +- my $testtext_prefix = 'EC'; +- my $a_fips_curve = 'prime256v1'; +- my $fips_key = $testtext_prefix.'.fips.priv.pem'; +- my $fips_pub_key = $testtext_prefix.'.fips.pub.pem'; +- my $a_nonfips_curve = 'brainpoolP256r1'; +- my $nonfips_key = $testtext_prefix.'.nonfips.priv.pem'; +- my $nonfips_pub_key = $testtext_prefix.'.nonfips.pub.pem'; +- my $testtext = ''; +- my $curvename = ''; +- +- plan tests => 5 + $tsignverify_count; +- +- $ENV{OPENSSL_CONF} = $defaultconf; +- $curvename = $a_nonfips_curve; +- $testtext = $testtext_prefix.': '. +- 'Generate a key with a non-FIPS algorithm with the default provider'; +- ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC', +- '-pkeyopt', 'ec_paramgen_curve:'.$curvename, +- '-out', $nonfips_key])), +- $testtext); +- +- pubfrompriv($testtext_prefix, $nonfips_key, $nonfips_pub_key, "non-FIPS"); +- +- $ENV{OPENSSL_CONF} = $fipsconf; +- +- $curvename = $a_fips_curve; +- $testtext = $testtext_prefix.': '. +- 'Generate a key with a FIPS algorithm'; +- ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC', +- '-pkeyopt', 'ec_paramgen_curve:'.$curvename, +- '-out', $fips_key])), +- $testtext); +- +- pubfrompriv($testtext_prefix, $fips_key, $fips_pub_key, "FIPS"); +- +- $curvename = $a_nonfips_curve; +- $testtext = $testtext_prefix.': '. +- 'Generate a key with a non-FIPS algorithm'. +- ' (should fail)'; +- ok(!run(app(['openssl', 'genpkey', '-algorithm', 'EC', +- '-pkeyopt', 'ec_paramgen_curve:'.$curvename, +- '-out', $testtext_prefix.'.'.$curvename.'.priv.pem'])), +- $testtext); +- +- tsignverify($testtext_prefix, $fips_key, $fips_pub_key, $nonfips_key, +- $nonfips_pub_key); +- }; +-} +- + SKIP: { + skip "FIPS RSA tests because of no rsa in this build", 1 + if disabled("rsa"); +diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t +--- openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves 2021-04-10 14:23:09.805468483 +0200 ++++ openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t 2021-04-10 14:23:33.002784265 +0200 +@@ -26,7 +26,7 @@ use platform; + my $no_check = disabled("fips") || disabled('fips-securitychecks'); + plan skip_all => "Test only supported in a fips build with security checks" + if $no_check; +-plan tests => 11; ++plan tests => 10; + + my $fipsmodule = bldtop_file('providers', platform->dso('fips')); + my $fipsconf = srctop_file("test", "fips-and-base.cnf"); +diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf +--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves 2021-04-10 17:52:46.478721611 +0200 ++++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf 2021-04-10 17:54:11.371688446 +0200 +@@ -1710,20 +1710,18 @@ server = 52-TLS 1.3 ECDSA with brainpool + client = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-client + + [52-TLS 1.3 ECDSA with brainpool but no suitable groups-server] +-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem ++Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem + CipherString = DEFAULT +-Groups = brainpoolP256r1 +-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem ++PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem + + [52-TLS 1.3 ECDSA with brainpool but no suitable groups-client] + CipherString = aECDSA +-Groups = brainpoolP256r1 + RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + + [test-52] +-ExpectedResult = ClientFail ++ExpectedResult = Success + + + # =========================================================== +diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in +--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves 2021-04-10 17:53:03.317913390 +0200 ++++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in 2021-04-10 17:55:22.507498606 +0200 +@@ -896,20 +896,20 @@ my @tests_tls_1_3_non_fips = ( + { + name => "TLS 1.3 ECDSA with brainpool but no suitable groups", + server => { +- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), +- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), +- "Groups" => "brainpoolP256r1", ++ "Certificate" => test_pem("server-ecdsa-cert.pem"), ++ "PrivateKey" => test_pem("server-ecdsa-key.pem"), ++ #"Groups" => "brainpoolP256r1", + }, + client => { + "CipherString" => "aECDSA", + "RequestCAFile" => test_pem("root-cert.pem"), +- "Groups" => "brainpoolP256r1", ++ #"Groups" => "brainpoolP256r1", + }, + test => { + #We only configured brainpoolP256r1 on the client side, but TLSv1.3 + #is enabled and this group is not allowed in TLSv1.3. Therefore this + #should fail +- "ExpectedResult" => "ClientFail" ++ "ExpectedResult" => "Success" + }, + }, + { +diff -up openssl-3.0.0-alpha13/crypto/evp/ec_support.c.ec-curves openssl-3.0.0-alpha13/crypto/evp/ec_support.c +--- openssl-3.0.0-alpha13/crypto/evp/ec_support.c.ec-curves 2021-04-11 11:13:14.236891844 +0200 ++++ openssl-3.0.0-alpha13/crypto/evp/ec_support.c 2021-04-11 11:12:05.128098714 +0200 +@@ -20,99 +20,13 @@ typedef struct ec_name2nid_st { + static const EC_NAME2NID curve_list[] = { + /* prime field curves */ + /* secg curves */ +- {"secp112r1", NID_secp112r1 }, +- {"secp112r2", NID_secp112r2 }, +- {"secp128r1", NID_secp128r1 }, +- {"secp128r2", NID_secp128r2 }, +- {"secp160k1", NID_secp160k1 }, +- {"secp160r1", NID_secp160r1 }, +- {"secp160r2", NID_secp160r2 }, +- {"secp192k1", NID_secp192k1 }, + {"secp224k1", NID_secp224k1 }, + {"secp224r1", NID_secp224r1 }, + {"secp256k1", NID_secp256k1 }, + {"secp384r1", NID_secp384r1 }, + {"secp521r1", NID_secp521r1 }, + /* X9.62 curves */ +- {"prime192v1", NID_X9_62_prime192v1 }, +- {"prime192v2", NID_X9_62_prime192v2 }, +- {"prime192v3", NID_X9_62_prime192v3 }, +- {"prime239v1", NID_X9_62_prime239v1 }, +- {"prime239v2", NID_X9_62_prime239v2 }, +- {"prime239v3", NID_X9_62_prime239v3 }, + {"prime256v1", NID_X9_62_prime256v1 }, +- /* characteristic two field curves */ +- /* NIST/SECG curves */ +- {"sect113r1", NID_sect113r1 }, +- {"sect113r2", NID_sect113r2 }, +- {"sect131r1", NID_sect131r1 }, +- {"sect131r2", NID_sect131r2 }, +- {"sect163k1", NID_sect163k1 }, +- {"sect163r1", NID_sect163r1 }, +- {"sect163r2", NID_sect163r2 }, +- {"sect193r1", NID_sect193r1 }, +- {"sect193r2", NID_sect193r2 }, +- {"sect233k1", NID_sect233k1 }, +- {"sect233r1", NID_sect233r1 }, +- {"sect239k1", NID_sect239k1 }, +- {"sect283k1", NID_sect283k1 }, +- {"sect283r1", NID_sect283r1 }, +- {"sect409k1", NID_sect409k1 }, +- {"sect409r1", NID_sect409r1 }, +- {"sect571k1", NID_sect571k1 }, +- {"sect571r1", NID_sect571r1 }, +- /* X9.62 curves */ +- {"c2pnb163v1", NID_X9_62_c2pnb163v1 }, +- {"c2pnb163v2", NID_X9_62_c2pnb163v2 }, +- {"c2pnb163v3", NID_X9_62_c2pnb163v3 }, +- {"c2pnb176v1", NID_X9_62_c2pnb176v1 }, +- {"c2tnb191v1", NID_X9_62_c2tnb191v1 }, +- {"c2tnb191v2", NID_X9_62_c2tnb191v2 }, +- {"c2tnb191v3", NID_X9_62_c2tnb191v3 }, +- {"c2pnb208w1", NID_X9_62_c2pnb208w1 }, +- {"c2tnb239v1", NID_X9_62_c2tnb239v1 }, +- {"c2tnb239v2", NID_X9_62_c2tnb239v2 }, +- {"c2tnb239v3", NID_X9_62_c2tnb239v3 }, +- {"c2pnb272w1", NID_X9_62_c2pnb272w1 }, +- {"c2pnb304w1", NID_X9_62_c2pnb304w1 }, +- {"c2tnb359v1", NID_X9_62_c2tnb359v1 }, +- {"c2pnb368w1", NID_X9_62_c2pnb368w1 }, +- {"c2tnb431r1", NID_X9_62_c2tnb431r1 }, +- /* +- * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves +- * from X9.62] +- */ +- {"wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 }, +- {"wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 }, +- {"wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 }, +- {"wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 }, +- {"wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 }, +- {"wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 }, +- {"wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 }, +- {"wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 }, +- {"wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 }, +- {"wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 }, +- {"wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 }, +- /* IPSec curves */ +- {"Oakley-EC2N-3", NID_ipsec3 }, +- {"Oakley-EC2N-4", NID_ipsec4 }, +- /* brainpool curves */ +- {"brainpoolP160r1", NID_brainpoolP160r1 }, +- {"brainpoolP160t1", NID_brainpoolP160t1 }, +- {"brainpoolP192r1", NID_brainpoolP192r1 }, +- {"brainpoolP192t1", NID_brainpoolP192t1 }, +- {"brainpoolP224r1", NID_brainpoolP224r1 }, +- {"brainpoolP224t1", NID_brainpoolP224t1 }, +- {"brainpoolP256r1", NID_brainpoolP256r1 }, +- {"brainpoolP256t1", NID_brainpoolP256t1 }, +- {"brainpoolP320r1", NID_brainpoolP320r1 }, +- {"brainpoolP320t1", NID_brainpoolP320t1 }, +- {"brainpoolP384r1", NID_brainpoolP384r1 }, +- {"brainpoolP384t1", NID_brainpoolP384t1 }, +- {"brainpoolP512r1", NID_brainpoolP512r1 }, +- {"brainpoolP512t1", NID_brainpoolP512t1 }, +- /* SM2 curve */ +- {"SM2", NID_sm2 }, + }; + + const char *OSSL_EC_curve_nid2name(int nid) +diff -up openssl-3.0.0-alpha13/test/acvp_test.inc.ec-curves openssl-3.0.0-alpha13/test/acvp_test.inc +--- openssl-3.0.0-alpha13/test/acvp_test.inc.ec-curves 2021-04-11 13:46:57.286828933 +0200 ++++ openssl-3.0.0-alpha13/test/acvp_test.inc 2021-04-11 13:48:01.356704526 +0200 +@@ -212,15 +212,6 @@ static const unsigned char ecdsa_sigver_ + }; + static const struct ecdsa_sigver_st ecdsa_sigver_data[] = { + { +- "SHA-1", +- "P-192", +- ITM(ecdsa_sigver_msg0), +- ITM(ecdsa_sigver_pub0), +- ITM(ecdsa_sigver_r0), +- ITM(ecdsa_sigver_s0), +- PASS, +- }, +- { + "SHA2-512", + "P-521", + ITM(ecdsa_sigver_msg1), +diff -up openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t.ec-curves openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t +--- openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t.ec-curves 2021-04-11 21:45:04.949948725 +0200 ++++ openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t 2021-04-11 21:44:09.585283604 +0200 +@@ -7,7 +7,6 @@ + # this file except in compliance with the License. You can obtain a copy + # in the file LICENSE in the source distribution or at + # https://www.openssl.org/source/license.html +- + use strict; + use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/; + use OpenSSL::Test::Utils; +@@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo + plan skip_all => "This test is not supported in a shared library build on Windows" + if $^O eq 'MSWin32' && !disabled("shared"); + +-plan tests => 2 + ($no_fips ? 0 : 1); #fips test ++plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test + + my @basic_cmd = ("cmp_protect_test", + data_file("server.pem"), +diff -up openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t.ec-curves openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t +--- openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t.ec-curves 2021-04-11 21:45:25.414194574 +0200 ++++ openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t 2021-04-11 21:44:40.786658440 +0200 +@@ -7,7 +7,6 @@ + # this file except in compliance with the License. You can obtain a copy + # in the file LICENSE in the source distribution or at + # https://www.openssl.org/source/license.html +- + use strict; + use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/; + use OpenSSL::Test::Utils; +@@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo + plan skip_all => "This test is not supported in a no-ec build" + if disabled("ec"); + +-plan tests => 2 + ($no_fips ? 0 : 1); #fips test ++plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test + + my @basic_cmd = ("cmp_vfy_test", + data_file("server.crt"), data_file("client.crt"), +diff -up openssl-3.0.0-alpha15/crypto/evp/ec_support.c.ec-curves openssl-3.0.0-alpha15/crypto/evp/ec_support.c +--- openssl-3.0.0-alpha15/crypto/evp/ec_support.c.ec-curves 2021-04-23 18:15:12.571691284 +0200 ++++ openssl-3.0.0-alpha15/crypto/evp/ec_support.c 2021-04-23 18:16:00.803087403 +0200 +@@ -28,7 +28,6 @@ static const EC_NAME2NID curve_list[] = + static const EC_NAME2NID curve_list[] = { + /* prime field curves */ + /* secg curves */ +- {"secp224k1", NID_secp224k1 }, + {"secp224r1", NID_secp224r1 }, + {"secp256k1", NID_secp256k1 }, + {"secp384r1", NID_secp384r1 }, +diff -up openssl-3.0.0-alpha15/apps/speed.c.ec-curves openssl-3.0.0-alpha15/apps/speed.c +--- openssl-3.0.0-alpha15/apps/speed.c.ec-curves 2021-04-26 14:25:44.049991942 +0200 ++++ openssl-3.0.0-alpha15/apps/speed.c 2021-04-26 14:36:10.643570273 +0200 +@@ -1439,8 +1439,8 @@ int speed_main(int argc, char **argv) + OPENSSL_assert(ec_curves[EC_NUM - 1].nid == NID_X448); + OPENSSL_assert(strcmp(ecdh_choices[EC_NUM - 1].name, "ecdhx448") == 0); + +- OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_brainpoolP512t1); +- OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsabrp512t1") == 0); ++ OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_secp521r1); ++ OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsap521") == 0); + + #ifndef OPENSSL_NO_SM2 + OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2); +diff -up openssl-3.0.0-alpha16/test/evp_extra_test.c.ec-curves openssl-3.0.0-alpha16/test/evp_extra_test.c +--- openssl-3.0.0-alpha16/test/evp_extra_test.c.ec-curves 2021-05-10 14:44:28.932751551 +0200 ++++ openssl-3.0.0-alpha16/test/evp_extra_test.c 2021-05-10 14:45:21.537238883 +0200 +@@ -2701,13 +2701,12 @@ err: + + #ifndef OPENSSL_NO_EC + static int ecpub_nids[] = { +- NID_brainpoolP256r1, NID_X9_62_prime256v1, ++ NID_X9_62_prime256v1, + NID_secp384r1, NID_secp521r1, + # ifndef OPENSSL_NO_EC2M + NID_sect233k1, NID_sect233r1, NID_sect283r1, + NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1, + # endif +- NID_brainpoolP384r1, NID_brainpoolP512r1 + }; + + static int test_ecpub(int idx) +diff -up openssl-3.0.0-alpha16/test/recipes/30-test_evp_data/evppkey_mismatch.txt.ec-curves openssl-3.0.0-alpha16/test/recipes/30-test_evp_data/evppkey_mismatch.txt +--- openssl-3.0.0-alpha16/test/recipes/30-test_evp_data/evppkey_mismatch.txt.ec-curves 2021-05-17 10:45:03.968368782 +0200 ++++ openssl-3.0.0-alpha16/test/recipes/30-test_evp_data/evppkey_mismatch.txt 2021-05-17 10:45:54.211747865 +0200 +@@ -31,12 +31,6 @@ MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUP + x/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ== + -----END PUBLIC KEY----- + +-PublicKey=KAS-ECC-CDH_K-163_C0-PUBLIC +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBx+LKHfWAn2cGt5CRPLeoSaS7yPVBcFe +-53YiHHK4SzR844PzgGe4nD6a +------END PUBLIC KEY----- +- + PrivateKey = RSA-2048 + -----BEGIN PRIVATE KEY----- + MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDNAIHqeyrh6gbV +@@ -77,9 +71,3 @@ Result = KEYPAIR_TYPE_MISMATCH + + PrivPubKeyPair = RSA-2048:P-256-PUBLIC + Result = KEYPAIR_TYPE_MISMATCH +- +-PrivPubKeyPair = RSA-2048:KAS-ECC-CDH_K-163_C0-PUBLIC +-Result = KEYPAIR_TYPE_MISMATCH +- +-PrivPubKeyPair = Alice-25519:KAS-ECC-CDH_K-163_C0-PUBLIC +-Result = KEYPAIR_TYPE_MISMATCH +diff -up openssl-3.0.0-alpha16/test/recipes/30-test_evp.t.ec-curves openssl-3.0.0-alpha16/test/recipes/30-test_evp.t +--- openssl-3.0.0-alpha16/test/recipes/30-test_evp.t.ec-curves 2021-05-17 10:49:28.050844977 +0200 ++++ openssl-3.0.0-alpha16/test/recipes/30-test_evp.t 2021-05-17 10:53:53.480444576 +0200 +@@ -111,7 +111,6 @@ my @defltfiles = qw( + evppkey_kdf_tls1_prf.txt + evppkey_rsa.txt + ); +-push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; + push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; + + plan tests => +diff -up openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt.remove-ec openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt +--- openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt.remove-ec 2021-06-29 16:24:56.863303499 +0200 ++++ openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt 2021-06-29 16:38:04.189996425 +0200 +@@ -11,1949 +11,6 @@ + # PrivPubKeyPair Sign Verify VerifyRecover + # and continue until a blank line. Lines starting with a pound sign are ignored. + +-Title=c2pnb163v1 curve tests +- +-PrivateKey=ALICE_cf_c2pnb163v1 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAEEHDAaAgEBBBUD1JfG8cLNP9418YW+hVhriqH6O5Y= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb163v1_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEBXgoOgVlWTLQnrQZXgQuSBcIS3bQAlXQ+yJhS03B +-4G8rKQXbrc0mvWsF +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb163v1:ALICE_cf_c2pnb163v1_PUB +- +-PrivateKey=BOB_cf_c2pnb163v1 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAEEHDAaAgEBBBUAc3EaoMmMORTzQhMkhPIXY+/jUSI= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb163v1_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEBn9J0jo39aFVZqhBsAKZ6bViAu6zBC8WaFGExnpZ +-KuBh8tP8VSTHPCHF +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb163v1:BOB_cf_c2pnb163v1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v1 +-PeerKey=BOB_cf_c2pnb163v1_PUB +-SharedSecret=065dd38fb6de7f394778e1bf65d840a2c0e7219acd +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v1 +-PeerKey=ALICE_cf_c2pnb163v1_PUB +-SharedSecret=065dd38fb6de7f394778e1bf65d840a2c0e7219acd +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v1 +-PeerKey=BOB_cf_c2pnb163v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=066fc46e8cc4327634dd127748020f2de6aab67585 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v1 +-PeerKey=ALICE_cf_c2pnb163v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=066fc46e8cc4327634dd127748020f2de6aab67585 +- +-PublicKey=MALICE_cf_c2pnb163v1_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8JxepS05nN +-/piKdhDD3dDKXUih +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v1 +-PeerKey=MALICE_cf_c2pnb163v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v1 +-PeerKey=MALICE_cf_c2pnb163v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2pnb163v2 curve tests +- +-PrivateKey=ALICE_cf_c2pnb163v2 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAIEHDAaAgEBBBUA4KFv7c1dygtVbdp/g2z2TqLAHkI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb163v2_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAVnlL7lMBaASwCIJaf9x2LgNPVmEAb43huHQlo3Q +-4PzawHXQoYm/qgDd +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb163v2:ALICE_cf_c2pnb163v2_PUB +- +-PrivateKey=BOB_cf_c2pnb163v2 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAIEHDAaAgEBBBUCEdYqClRWIl2m+X34e+DB2iZSxmQ= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb163v2_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAVWNIKn7/WMfzuNnd5ws9J0DI2CfBkEJizZHAFqy +-kBF3juAQuARgxuT6 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb163v2:BOB_cf_c2pnb163v2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v2 +-PeerKey=BOB_cf_c2pnb163v2_PUB +-SharedSecret=0078ebb986d4f9b0aa0bc4af99e82c2bd24130f3f4 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v2 +-PeerKey=ALICE_cf_c2pnb163v2_PUB +-SharedSecret=0078ebb986d4f9b0aa0bc4af99e82c2bd24130f3f4 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v2 +-PeerKey=BOB_cf_c2pnb163v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=069a80bcd45987fd1c874cd9dc5453207a09b61d41 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v2 +-PeerKey=ALICE_cf_c2pnb163v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=069a80bcd45987fd1c874cd9dc5453207a09b61d41 +- +-PublicKey=MALICE_cf_c2pnb163v2_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAABuVBl1V5uysY +-n6HANPEoMoK+7Sv0 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v2 +-PeerKey=MALICE_cf_c2pnb163v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v2 +-PeerKey=MALICE_cf_c2pnb163v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2pnb163v3 curve tests +- +-PrivateKey=ALICE_cf_c2pnb163v3 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAMEHDAaAgEBBBUBItB0y/QeJ+cCh9yoHf0zqLVyMZc= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb163v3_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEBx1HRyjuBMjt+vlbWaQbKOpNvWKFAslzEbPv6MpK +-YnObLnq34LRuWznb +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb163v3:ALICE_cf_c2pnb163v3_PUB +- +-PrivateKey=BOB_cf_c2pnb163v3 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAMEHDAaAgEBBBUAXVHUHeP8Ioz7IqXOWbjaUXEHE5M= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb163v3_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEAqXF7rsAZ40Z1PT4TeeC45RKTxP4AJBAdfuknJ/J +-DZnBLhxBwtqnfUpA +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb163v3:BOB_cf_c2pnb163v3_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v3 +-PeerKey=BOB_cf_c2pnb163v3_PUB +-SharedSecret=07fd2ffe9b18973c51caeadbc2154b97a9a0390be9 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v3 +-PeerKey=ALICE_cf_c2pnb163v3_PUB +-SharedSecret=07fd2ffe9b18973c51caeadbc2154b97a9a0390be9 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v3 +-PeerKey=BOB_cf_c2pnb163v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=06f7daf1c963594e1a13f9f17b62aaab2934872c16 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v3 +-PeerKey=ALICE_cf_c2pnb163v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=06f7daf1c963594e1a13f9f17b62aaab2934872c16 +- +-PublicKey=MALICE_cf_c2pnb163v3_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7jRlUg9oaLK +-LwAuHF8g5Y0JjJnI +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v3 +-PeerKey=MALICE_cf_c2pnb163v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v3 +-PeerKey=MALICE_cf_c2pnb163v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2pnb176v1 curve tests +- +-PrivateKey=ALICE_cf_c2pnb176v1 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAQEHDAaAgEBBBUAaZ1jV1jM9meV5iiNGPU/WMSfWOM= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb176v1_PUB +------BEGIN PUBLIC KEY----- +-MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAEPjME7IV6Tuz2P++wIT60hRxTkk0M0PNgvqYcUoCI +-iw3girDLhNzOu3IQ8Ac= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb176v1:ALICE_cf_c2pnb176v1_PUB +- +-PrivateKey=BOB_cf_c2pnb176v1 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAQEHDAaAgEBBBUAreyYbcF+ONIf64KmeSzV82OI/50= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb176v1_PUB +------BEGIN PUBLIC KEY----- +-MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAEpJn1IDmFj5LceLGfY2wlhI1VHq5vJ+qNIAOXVZhX +-uMtp6pzy63rCEK53bgs= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb176v1:BOB_cf_c2pnb176v1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb176v1 +-PeerKey=BOB_cf_c2pnb176v1_PUB +-SharedSecret=3a8021848ee0b2c1c377404267a515225781c181e6ab +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb176v1 +-PeerKey=ALICE_cf_c2pnb176v1_PUB +-SharedSecret=3a8021848ee0b2c1c377404267a515225781c181e6ab +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb176v1 +-PeerKey=BOB_cf_c2pnb176v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=b06cdc633b56e813d63326c69d2cfa335352279540ac +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb176v1 +-PeerKey=ALICE_cf_c2pnb176v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=b06cdc633b56e813d63326c69d2cfa335352279540ac +- +-PublicKey=MALICE_cf_c2pnb176v1_PUB +------BEGIN PUBLIC KEY----- +-MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAE4ePri2opCoAUJIUQnaQlvDaxZd9bsdKnjWSvh+FL +-zXV3l5j8K3pow+GJBE4= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb176v1 +-PeerKey=MALICE_cf_c2pnb176v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb176v1 +-PeerKey=MALICE_cf_c2pnb176v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2pnb208w1 curve tests +- +-PrivateKey=ALICE_cf_c2pnb208w1 +------BEGIN PRIVATE KEY----- +-MDoCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAoEIDAeAgEBBBkAiENroXMYNbK/7DQQwCpbXk00gnVd +-XF2k +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb208w1_PUB +------BEGIN PUBLIC KEY----- +-ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAEL+IHOL2IfeLRiE6Wqsc0Frqjq7t/JnBmhN1lMB9Y +-Yj3+Btcne4CPWf8KvfGjAdMs6JKP4A== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb208w1:ALICE_cf_c2pnb208w1_PUB +- +-PrivateKey=BOB_cf_c2pnb208w1 +------BEGIN PRIVATE KEY----- +-MDoCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAoEIDAeAgEBBBkAY1GZLynO/IDWwOOjEWUE7k+I/MkP +-cJot +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb208w1_PUB +------BEGIN PUBLIC KEY----- +-ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAENBvdzCDOIvu9zo7reJq1ummhR+0jaDc+EoSlW984 +-cl9FTi/JJznwC+RNgwVfJ1WKJun1YA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb208w1:BOB_cf_c2pnb208w1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb208w1 +-PeerKey=BOB_cf_c2pnb208w1_PUB +-SharedSecret=ba32bf80c0f7ab53cb083f267a902a1ad6396eb283237fad91cd +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb208w1 +-PeerKey=ALICE_cf_c2pnb208w1_PUB +-SharedSecret=ba32bf80c0f7ab53cb083f267a902a1ad6396eb283237fad91cd +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb208w1 +-PeerKey=BOB_cf_c2pnb208w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=f09f5fc8bf20677558bc65939bf1b7fbbbe2579702729304258b +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb208w1 +-PeerKey=ALICE_cf_c2pnb208w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=f09f5fc8bf20677558bc65939bf1b7fbbbe2579702729304258b +- +-PublicKey=MALICE_cf_c2pnb208w1_PUB +------BEGIN PUBLIC KEY----- +-ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAEfuWB9pBZQin+VnmqgYVpbUpKxSQsnXxNqiDtVwqJ +-oPkHxRWnu5e7qI2idMcqaKDeeniUaA== +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb208w1 +-PeerKey=MALICE_cf_c2pnb208w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb208w1 +-PeerKey=MALICE_cf_c2pnb208w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2pnb272w1 curve tests +- +-PrivateKey=ALICE_cf_c2pnb272w1 +------BEGIN PRIVATE KEY----- +-MEICAQAwEwYHKoZIzj0CAQYIKoZIzj0DABAEKDAmAgEBBCEA0SoHwKAgKb7WQ+s0w1iNBemDZ3+f +-StHU67fpP7YoF8U= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb272w1_PUB +------BEGIN PUBLIC KEY----- +-MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAE0IH60bGi46FDzEprGZ8EBK5uMMcVke/txeBRNGHQ +-DzG68r3EMLZkOfE1+g04MN7HgY7zt3jMYb8ImyLRmvqR2abjs6c= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb272w1:ALICE_cf_c2pnb272w1_PUB +- +-PrivateKey=BOB_cf_c2pnb272w1 +------BEGIN PRIVATE KEY----- +-MEICAQAwEwYHKoZIzj0CAQYIKoZIzj0DABAEKDAmAgEBBCEAFqB5GbPJ4d+X7ye7m05l/OirDqfn +-MOsOJ6xObBph3zQ= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb272w1_PUB +------BEGIN PUBLIC KEY----- +-MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAEIeIkcMHAuOgvHt2Wp52vVe0DYPNnUX79t/mLSx03 +-cUlDmcxL7vIXdx9hB4OmQBYbm+YLDNfTFGAIlDfr2tELpVVPWPo= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb272w1:BOB_cf_c2pnb272w1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb272w1 +-PeerKey=BOB_cf_c2pnb272w1_PUB +-SharedSecret=cfebd65006520a40f081d8940edf0ebb8e54491ba1499d9f3c63deecee84ddc07142 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb272w1 +-PeerKey=ALICE_cf_c2pnb272w1_PUB +-SharedSecret=cfebd65006520a40f081d8940edf0ebb8e54491ba1499d9f3c63deecee84ddc07142 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb272w1 +-PeerKey=BOB_cf_c2pnb272w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=756fc20b27352ac74e5135359c63d375d2732c6d02f25cd526155bac0882a9211dd4 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb272w1 +-PeerKey=ALICE_cf_c2pnb272w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=756fc20b27352ac74e5135359c63d375d2732c6d02f25cd526155bac0882a9211dd4 +- +-PublicKey=MALICE_cf_c2pnb272w1_PUB +------BEGIN PUBLIC KEY----- +-MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAEvID3AM7qzpKDnOLFY00+E7EKZz/vS/pXgsUA3bWN +-oJF8ElXFXv59s/SykQBCTHPqzmUbVmrXmtD44Kt1wUBRJfuwxy4= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb272w1 +-PeerKey=MALICE_cf_c2pnb272w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb272w1 +-PeerKey=MALICE_cf_c2pnb272w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2pnb304w1 curve tests +- +-PrivateKey=ALICE_cf_c2pnb304w1 +------BEGIN PRIVATE KEY----- +-MEYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABEELDAqAgEBBCUAqJxh50ZIUXOJ1HE3cVkech9OTTPJ +-8jy/v5cFcO0X6dykHgnZ +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb304w1_PUB +------BEGIN PUBLIC KEY----- +-MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEvoaqRX6qiNQiFH1BhgLCPTpYszoRhmlLirkvlw/Q +-iXBlfQ7U4g+iRR/kmu2RlwwOHgNNL+mWcvLkFfS8Kr4jzv1EY1Ecx96n21l0YQ== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb304w1:ALICE_cf_c2pnb304w1_PUB +- +-PrivateKey=BOB_cf_c2pnb304w1 +------BEGIN PRIVATE KEY----- +-MEYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABEELDAqAgEBBCUAOScHepX+IwqC8TjyAJI1bkR3cYYt +-X9BbqYM9GQfVNSLHntTg +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb304w1_PUB +------BEGIN PUBLIC KEY----- +-MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEYuAq/6Yw5HxMeMohlWmwl+ZK4ZQucfr1tWDKwhDb +-kAOUO2P/Q/H+uelM3VVwxeu6A1kaX7K0UZpNa96NRBwI4aevc+vOxCgYkGt9BA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb304w1:BOB_cf_c2pnb304w1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb304w1 +-PeerKey=BOB_cf_c2pnb304w1_PUB +-SharedSecret=bfddf9f923210e8231a702e3a1c987cf27661de1bc243c1890e437d67d9f49c6ccfadc035d9d +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb304w1 +-PeerKey=ALICE_cf_c2pnb304w1_PUB +-SharedSecret=bfddf9f923210e8231a702e3a1c987cf27661de1bc243c1890e437d67d9f49c6ccfadc035d9d +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb304w1 +-PeerKey=BOB_cf_c2pnb304w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0c7afb3143f93ef2166c05437a1757a62c916ff1751c6d456dd7f2356dcbc75df48015eb5ce8 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb304w1 +-PeerKey=ALICE_cf_c2pnb304w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0c7afb3143f93ef2166c05437a1757a62c916ff1751c6d456dd7f2356dcbc75df48015eb5ce8 +- +-PublicKey=MALICE_cf_c2pnb304w1_PUB +------BEGIN PUBLIC KEY----- +-MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEBZ5FuthQt0mxTJ8NQWN2J37kYT8ySD893IXEmXYP +-fMTr+CSNkf/sfF/13GEdVGnHmBgCH61sPWG69RgzdjRPprZFZxXjubIWYkp0DQ== +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb304w1 +-PeerKey=MALICE_cf_c2pnb304w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb304w1 +-PeerKey=MALICE_cf_c2pnb304w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2pnb368w1 curve tests +- +-PrivateKey=ALICE_cf_c2pnb368w1 +------BEGIN PRIVATE KEY----- +-ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABMENDAyAgEBBC0AXeSTXsHb2PEH12tZL8w2q6evA2mi +-KfLLIa1c29BTmM//oWdKpqeuvwMIBto= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb368w1_PUB +------BEGIN PUBLIC KEY----- +-MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEmEBXcvMgnHwJW7wAKM4cqboco6zF01J9ntUwoACI +-euvf3cpPXBvxUawJXfO9FwFRQabDRagGP99Walidd2JW8nWDWZgZMKj15Wh+4bp2dZHc2tPIIHHd +-3makbwQ= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb368w1:ALICE_cf_c2pnb368w1_PUB +- +-PrivateKey=BOB_cf_c2pnb368w1 +------BEGIN PRIVATE KEY----- +-ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABMENDAyAgEBBC0Aq1R9M/mCMbJMj6VBUpBkS4HXywEz +-Qun6d6uXgyU4LZRszA7Dz9+eKbXEMsk= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb368w1_PUB +------BEGIN PUBLIC KEY----- +-MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEJOSnsaXA9wb5p8CGLPvYI47Yf3IdZSbWQ3Sn6G2v +-At+zYlpzGax1oJ1CW8fGA0Gu0RnvAfDeW9vgrtzshH1Vy/Ni6a7LPho99PtUP2nzUBnv+hfhFSra +-gqfRaOs= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb368w1:BOB_cf_c2pnb368w1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb368w1 +-PeerKey=BOB_cf_c2pnb368w1_PUB +-SharedSecret=008d20ede3961be3b01051d6fdae63db43865664804d432293a2edb13dcc8be0fe5b0c655297a84b9067a29c2a6f +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb368w1 +-PeerKey=ALICE_cf_c2pnb368w1_PUB +-SharedSecret=008d20ede3961be3b01051d6fdae63db43865664804d432293a2edb13dcc8be0fe5b0c655297a84b9067a29c2a6f +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb368w1 +-PeerKey=BOB_cf_c2pnb368w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=df32ddeeffa029aeadabad000a79c3154a0ddd0aeacf4e3de426f5c10096eff8912038c64d4c899131dcd4df2561 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb368w1 +-PeerKey=ALICE_cf_c2pnb368w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=df32ddeeffa029aeadabad000a79c3154a0ddd0aeacf4e3de426f5c10096eff8912038c64d4c899131dcd4df2561 +- +-PublicKey=MALICE_cf_c2pnb368w1_PUB +------BEGIN PUBLIC KEY----- +-MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEWDn/U9rymClM/a0Q1mawHjQjvpxSehRWstSE+2Sd +-ubcZowJ+rw5LsEZteQyeVrCpKYUiIBmIVuFb2LDjtNLIJD1lr8C+vdco24ciLS9RzF/Dc9X+tcIj +-726e1BE= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb368w1 +-PeerKey=MALICE_cf_c2pnb368w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb368w1 +-PeerKey=MALICE_cf_c2pnb368w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb191v1 curve tests +- +-PrivateKey=ALICE_cf_c2tnb191v1 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAUEHzAdAgEBBBgXyG7A4BvSmjKEl3aU+FQUt02p9U7x +-Jk4= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb191v1_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEG9iuZmnhz2H/YQKmVUaO//fm7hvV+CP5c2iszpR3 +-7lRimqLWHPyvKgcP+PRCIUom +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb191v1:ALICE_cf_c2tnb191v1_PUB +- +-PrivateKey=BOB_cf_c2tnb191v1 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAUEHzAdAgEBBBg4+2hv9x9HxFy0c2c1XESDdgOamHu0 +-MTU= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb191v1_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEdO/4ii8gi8eQfBrv3XmsOETwIfT8OIpBW/kUoHD+ +-adqalcB6SIWOfoJReDLcpxAD +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb191v1:BOB_cf_c2tnb191v1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v1 +-PeerKey=BOB_cf_c2tnb191v1_PUB +-SharedSecret=2ee8a85151c397600984285307c14f0ea0e4c2071d753a99 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v1 +-PeerKey=ALICE_cf_c2tnb191v1_PUB +-SharedSecret=2ee8a85151c397600984285307c14f0ea0e4c2071d753a99 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v1 +-PeerKey=BOB_cf_c2tnb191v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=334051dfd62237e69e280ce2fab979bd77260f8dfe4df989 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v1 +-PeerKey=ALICE_cf_c2tnb191v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=334051dfd62237e69e280ce2fab979bd77260f8dfe4df989 +- +-PublicKey=MALICE_cf_c2tnb191v1_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPEwZ1wj +-iNoFyzyANZl8IDB0fF1RmZD6 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v1 +-PeerKey=MALICE_cf_c2tnb191v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v1 +-PeerKey=MALICE_cf_c2tnb191v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb191v2 curve tests +- +-PrivateKey=ALICE_cf_c2tnb191v2 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAYEHzAdAgEBBBgQZHIQIPrAsbJqq4ZX3JdMrZAkaIGP +-jbo= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb191v2_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEAyQdwZYRIiv7O4/WRLDKJ249TM8dr2Y+Oz8rSxCI +-UVvJT/Jv9m462J6Iz1XOohhP +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb191v2:ALICE_cf_c2tnb191v2_PUB +- +-PrivateKey=BOB_cf_c2tnb191v2 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAYEHzAdAgEBBBgThhW6d5QDaqM8yhm16q6Pu/VFBpf7 +-wcs= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb191v2_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEBVkB4O6fFvGzMHv4BF51muFA0npOGKoOdKbIIMQY +-JBIoz1RNNXTcgdpguLcrvcPJ +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb191v2:BOB_cf_c2tnb191v2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v2 +-PeerKey=BOB_cf_c2tnb191v2_PUB +-SharedSecret=711f90cb2aaea65e939065cbd1896affe1d490ba14571400 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v2 +-PeerKey=ALICE_cf_c2tnb191v2_PUB +-SharedSecret=711f90cb2aaea65e939065cbd1896affe1d490ba14571400 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v2 +-PeerKey=BOB_cf_c2tnb191v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=1740db5b771fa2889d3ec7c1ba8eeffa7741f0ee62433dce +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v2 +-PeerKey=ALICE_cf_c2tnb191v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=1740db5b771fa2889d3ec7c1ba8eeffa7741f0ee62433dce +- +-PublicKey=MALICE_cf_c2tnb191v2_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEA3yPV6Ilx7PU7dWIDzgKzFV07LNsn1EhMyLQaa5U +-2vqunpWef+/CaO2pFBcwwW+x +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v2 +-PeerKey=MALICE_cf_c2tnb191v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v2 +-PeerKey=MALICE_cf_c2tnb191v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb191v3 curve tests +- +-PrivateKey=ALICE_cf_c2tnb191v3 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAcEHzAdAgEBBBgTPjf06B01Jq59qU1iczNuA29WfW+b +-erU= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb191v3_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAEL4NGEUX2CXY18MyoH1inKq5kde9RGr25ODm/0BEX +-HWsGvDE2HC+6pL2BMl3MRCty +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb191v3:ALICE_cf_c2tnb191v3_PUB +- +-PrivateKey=BOB_cf_c2tnb191v3 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAcEHzAdAgEBBBgUC2bC465JTXYLUaaET/r5n7X85gRH +-iSQ= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb191v3_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAEPKekNkT9mQ8KRCTR2RwCFkhNvsjL+/mLHYzbMrYe +-QFIb5QwXAdbg2tEOl7yj9qkk +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb191v3:BOB_cf_c2tnb191v3_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v3 +-PeerKey=BOB_cf_c2tnb191v3_PUB +-SharedSecret=196200f7ea06c43c35516b995cf4a4dd4151dbd0ed998561 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v3 +-PeerKey=ALICE_cf_c2tnb191v3_PUB +-SharedSecret=196200f7ea06c43c35516b995cf4a4dd4151dbd0ed998561 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v3 +-PeerKey=BOB_cf_c2tnb191v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=311939377670a8a1ed1ee17f9dd182167da00c5a19e2e109 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v3 +-PeerKey=ALICE_cf_c2tnb191v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=311939377670a8a1ed1ee17f9dd182167da00c5a19e2e109 +- +-PublicKey=MALICE_cf_c2tnb191v3_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAESvPjWlLnANK2j38hHZ0uqueaniovkhwwdJZjrmUk +-n5vQBTxUzkIkMjL33v6Lr3z7 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v3 +-PeerKey=MALICE_cf_c2tnb191v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v3 +-PeerKey=MALICE_cf_c2tnb191v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb239v1 curve tests +- +-PrivateKey=ALICE_cf_c2tnb239v1 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAsEJTAjAgEBBB4fMJDhCEiuEf/RF6oGjHVcNwN+wCYG +-rJMnJLIXiCI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb239v1_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEUgG/uMWy4k0R/kbVJEapF6r5ik4Q9WPsDXAd0856 +-dVL8PvBXgixk2tKfyY1xUVebcEVlgdZP1pN1Xyvi +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb239v1:ALICE_cf_c2tnb239v1_PUB +- +-PrivateKey=BOB_cf_c2tnb239v1 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAsEJTAjAgEBBB4JLDwVJQw3+00FiZBDWFErd7PXnchH +-sfpZeV3i5FM= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb239v1_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEcwKt31cWaoFUd7QxYSdwgMDOqEhjPbD3Z9AfR3tc +-G77/MY5z1oQegqImBog645vtPWI8lZd1zcl6QYRS +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb239v1:BOB_cf_c2tnb239v1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v1 +-PeerKey=BOB_cf_c2tnb239v1_PUB +-SharedSecret=413ea943cdf40c45795c77aeea7099b81cc42566067924d1fdbae42ddf99 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v1 +-PeerKey=ALICE_cf_c2tnb239v1_PUB +-SharedSecret=413ea943cdf40c45795c77aeea7099b81cc42566067924d1fdbae42ddf99 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v1 +-PeerKey=BOB_cf_c2tnb239v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=1f1e5a6084492e895c35d76a5d2b4a3fafbd96c4b2230ea71cc1c711fa38 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v1 +-PeerKey=ALICE_cf_c2tnb239v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=1f1e5a6084492e895c35d76a5d2b4a3fafbd96c4b2230ea71cc1c711fa38 +- +-PublicKey=MALICE_cf_c2tnb239v1_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEJFn89FF7xaa5m+XGxWKFwCH+Mu4rbxwi6lvhuEuT +-Itl/OAosALFh8xpt+N5gmKtUdhpjyok2udC4B/mY +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v1 +-PeerKey=MALICE_cf_c2tnb239v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v1 +-PeerKey=MALICE_cf_c2tnb239v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb239v2 curve tests +- +-PrivateKey=ALICE_cf_c2tnb239v2 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAwEJTAjAgEBBB4KU4YKdzFOkl6M1biHkxtVGD2uNXr6 +-GbEcp4PbJKU= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb239v2_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAEKzpycflUrsyqVV/+fzvC2+AuX3r0b0Syn8acvn78 +-VnKA9mZKwPLWhnMJcLyzarIzc/6/UcfYGNmTyUlG +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb239v2:ALICE_cf_c2tnb239v2_PUB +- +-PrivateKey=BOB_cf_c2tnb239v2 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAwEJTAjAgEBBB4HZQLKGKBpIKiyTq6XYZWQNph1oGP+ +-JLwCwn7lYx0= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb239v2_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAETPSkhMs3JW3BG66FSfCov76JKdcRiBhMCW453Wku +-N7yBxBmWjeclHhnXIzfc4qM4qf9n3KzMSXejPVYg +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb239v2:BOB_cf_c2tnb239v2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v2 +-PeerKey=BOB_cf_c2tnb239v2_PUB +-SharedSecret=2e738f14795b2e19ee791c1bf30c5e462ca6c6ed0ec5c6c6402d0730cf4c +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v2 +-PeerKey=ALICE_cf_c2tnb239v2_PUB +-SharedSecret=2e738f14795b2e19ee791c1bf30c5e462ca6c6ed0ec5c6c6402d0730cf4c +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v2 +-PeerKey=BOB_cf_c2tnb239v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=7662d8b94d3f0d20eb8e112ca8b7d5699d81f35902df5b77561977df3946 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v2 +-PeerKey=ALICE_cf_c2tnb239v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=7662d8b94d3f0d20eb8e112ca8b7d5699d81f35902df5b77561977df3946 +- +-PublicKey=MALICE_cf_c2tnb239v2_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAES8fLc5mtVI0HqgKRJ7mN8MU1B0FBkiim6jCHYJf3 +-JYUX3Gn3Ai11cHie+nVb3z51jSkpDQENHESTv5K2 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v2 +-PeerKey=MALICE_cf_c2tnb239v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v2 +-PeerKey=MALICE_cf_c2tnb239v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb239v3 curve tests +- +-PrivateKey=ALICE_cf_c2tnb239v3 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAA0EJTAjAgEBBB4BZZXtcMw5GrpgHJLx4D8z7M6ocWdv +-rDl2fV9ObC8= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb239v3_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAEOu2HIAUX+r6IbRlrPUJUBDL814dR++maVAAkUIjD +-H33ewqcI9ZLtpvuR8P8hgRNUTXlh1GWgrB6F21Eo +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb239v3:ALICE_cf_c2tnb239v3_PUB +- +-PrivateKey=BOB_cf_c2tnb239v3 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAA0EJTAjAgEBBB4BDxw3SA54y6uYOW1n4yZaUK22J9ef +-XG3HcQX+4i0= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb239v3_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAEVaEi76wyzlpzkkSElf4SmGZ7kf1ghHMP82HkGk7K +-BC10zUyppoSOAr0eX4pHAkDUF1m/KGoJa7QcJJww +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb239v3:BOB_cf_c2tnb239v3_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v3 +-PeerKey=BOB_cf_c2tnb239v3_PUB +-SharedSecret=6a756022ec2ea89b0fa757824909707102acf3b7da39dc625c6252eb4c48 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v3 +-PeerKey=ALICE_cf_c2tnb239v3_PUB +-SharedSecret=6a756022ec2ea89b0fa757824909707102acf3b7da39dc625c6252eb4c48 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v3 +-PeerKey=BOB_cf_c2tnb239v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=3240e19dd8c290e5e1749df60ad0166dd9dbfad645e518b4948e14f774ce +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v3 +-PeerKey=ALICE_cf_c2tnb239v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=3240e19dd8c290e5e1749df60ad0166dd9dbfad645e518b4948e14f774ce +- +-PublicKey=MALICE_cf_c2tnb239v3_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAELe/znC87/2ucKX7mXUUyiUvg67slWRdH+WHDct9d +-LcXDyB342ZN1nm0NCAmBMcLjohX0Zza0ji3YNjT1 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v3 +-PeerKey=MALICE_cf_c2tnb239v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v3 +-PeerKey=MALICE_cf_c2tnb239v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb359v1 curve tests +- +-PrivateKey=ALICE_cf_c2tnb359v1 +------BEGIN PRIVATE KEY----- +-ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABIENDAyAgEBBC0Afea/a1NrRf6rRRr/UDsI559ADTFP +-Bd5HaS33laTZkCdNLITw1UUrESUIOiU= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb359v1_PUB +------BEGIN PUBLIC KEY----- +-MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEZMJU3QF9UJJp2m6qyCnhPuVlPKPHtav3DCgH27SY +-RLMN7C4rRmqiJakD11QtOforOgbPW5r/v7t4TUWIlq8jV7kapJNtxQtg/S87L0NQGgHBq/lnJL8x +-fN3Y +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb359v1:ALICE_cf_c2tnb359v1_PUB +- +-PrivateKey=BOB_cf_c2tnb359v1 +------BEGIN PRIVATE KEY----- +-ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABIENDAyAgEBBC0Aaw+yr7Atz8CXjLsbI5msXLqxFoMr +-esHVfU53i6ucCsnPTWSDWSb5CePtI9g= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb359v1_PUB +------BEGIN PUBLIC KEY----- +-MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEUQde0iyDHbsFJZ459d4zUhsrJYAkqndmEBRwSlg5 +-ZNX8SSS79Zf2HsQl+LWIZyzeYzoHobKXufChw9/H4ThS58VwV5/0hoE929PIgJ1MSEqr5LvJXi+b +-R8fe +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb359v1:BOB_cf_c2tnb359v1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb359v1 +-PeerKey=BOB_cf_c2tnb359v1_PUB +-SharedSecret=623a71122b5acad467d40d97ef8d8fd46541d8c41d7de6ba181c24e2714c1bc35bcefcf089af69c406eedecc12 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb359v1 +-PeerKey=ALICE_cf_c2tnb359v1_PUB +-SharedSecret=623a71122b5acad467d40d97ef8d8fd46541d8c41d7de6ba181c24e2714c1bc35bcefcf089af69c406eedecc12 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb359v1 +-PeerKey=BOB_cf_c2tnb359v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=1c9c4cea3251dace2cb763eabf60f106cc1b03f2491e6f20d7bea78e062f8f14c4e82e4d43786eefa44d33f7e9 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb359v1 +-PeerKey=ALICE_cf_c2tnb359v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=1c9c4cea3251dace2cb763eabf60f106cc1b03f2491e6f20d7bea78e062f8f14c4e82e4d43786eefa44d33f7e9 +- +-PublicKey=MALICE_cf_c2tnb359v1_PUB +------BEGIN PUBLIC KEY----- +-MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEDW1DxeJfyPPnxX4WiLM5ZnX9AypqqeKj7FTHxanl +-++A6FgVFjUCatt8Sr4xnSc3zDE0kh6f/wS9SbtCAi74i8HAX5SJiccCMPRkw6kBuHZgiG8EmFJ53 +-OEQw +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb359v1 +-PeerKey=MALICE_cf_c2tnb359v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb359v1 +-PeerKey=MALICE_cf_c2tnb359v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb431r1 curve tests +- +-PrivateKey=ALICE_cf_c2tnb431r1 +------BEGIN PRIVATE KEY----- +-MFYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABQEPDA6AgEBBDUAG1rgUnH3+PSxqlzt9+QTWv7PrYxz +-Qgqj5A2Mqi0LbdixVDciVSSgrU6keVu72oCmHVP+OQ== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb431r1_PUB +------BEGIN PUBLIC KEY----- +-MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABFcQEDic9pYxtxStk/oBxafqyUux1kvEOOwR4FxJ +-pGEMTh8B+YfkWuq+IDY5zSqNKtg7cRlAFX2dlHhRSvNxrN3DJCrhe/TQq8SIYawcqEQnM39F8hHM +-7VQJLEsBpJ/WUonwMJXknjgfONP7GA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb431r1:ALICE_cf_c2tnb431r1_PUB +- +-PrivateKey=BOB_cf_c2tnb431r1 +------BEGIN PRIVATE KEY----- +-MFYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABQEPDA6AgEBBDUBOsZrpI6hTgImR8DBhKOOrh2SvcT/ +-VwmzYnbuCRrtr/zwIQcqKKI1ztlrl+kxFxJfk5L7UQ== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb431r1_PUB +------BEGIN PUBLIC KEY----- +-MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABHeTG6xjbsKKxn4oYQt9qUM9LrSPZfY11XsBmROc +-fb9kEbBLU+QixSbYZOrqPasesDV9dApDXF+w6EfIeNyJEK5Lk+aXamrn7fRMUAQ2m7+Odp87GgA+ +-8Cg6YpgbK314SK5STziqoZwzEISJ9w== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb431r1:BOB_cf_c2tnb431r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb431r1 +-PeerKey=BOB_cf_c2tnb431r1_PUB +-SharedSecret=1c9a64de0b706f0e562d5144ceeb4806ce8782865dc0e3fab694967955bd40afc79bf9241ef4a173fbf9baeac0d416392fb13bdc6978 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb431r1 +-PeerKey=ALICE_cf_c2tnb431r1_PUB +-SharedSecret=1c9a64de0b706f0e562d5144ceeb4806ce8782865dc0e3fab694967955bd40afc79bf9241ef4a173fbf9baeac0d416392fb13bdc6978 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb431r1 +-PeerKey=BOB_cf_c2tnb431r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=059e2ea2d0d8bad5005a9401196ebb1633377c7ded8ec58a0398cf1d0f42ea82614f68cb836ecfc33612b8a705b4c3b7b4ed12eb6e22 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb431r1 +-PeerKey=ALICE_cf_c2tnb431r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=059e2ea2d0d8bad5005a9401196ebb1633377c7ded8ec58a0398cf1d0f42ea82614f68cb836ecfc33612b8a705b4c3b7b4ed12eb6e22 +- +-PublicKey=MALICE_cf_c2tnb431r1_PUB +------BEGIN PUBLIC KEY----- +-MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABA/cHJ1bNJ2l3GcrT67WEoU0w/Ajy28T9X4XLv8a +-5EpnkembeFlRG8ILplDcZimE8kjNQWynAk+NbJRsIU/XLzcm7VXkkqEkx/yCQ/TOcbeB3qrpzWYr +-F3Cls9x60wuFYNc9d6eIe4B+puz9IQ== +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb431r1 +-PeerKey=MALICE_cf_c2tnb431r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb431r1 +-PeerKey=MALICE_cf_c2tnb431r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=prime192v2 curve tests +- +-PrivateKey=ALICE_cf_prime192v2 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBh6rcgPFDmA2P4CGSrC7ii9DAjepljX +-sMM= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_prime192v2_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAET6wOPoDU3BeU7VKozsGEvDeJs//9Z/aNEcbbLQ0d +-g5IzsS/XMJzifjCJZgNsb7mi +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_prime192v2:ALICE_cf_prime192v2_PUB +- +-PrivateKey=BOB_cf_prime192v2 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBja4R9iZuiu95XEuM1558ArTwNnAl7M +-xqI= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_prime192v2_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAEcgWNAOL4pZCmouZl+be+rC0yLAJkm2YuPWs+FX2u +-Y6OU1aHkkspZTC1uUVWjchy5 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_prime192v2:BOB_cf_prime192v2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_prime192v2 +-PeerKey=BOB_cf_prime192v2_PUB +-SharedSecret=ae2ff9f1f9f24e6d281dc78993d9f71913e1e105965000a1 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_prime192v2 +-PeerKey=ALICE_cf_prime192v2_PUB +-SharedSecret=ae2ff9f1f9f24e6d281dc78993d9f71913e1e105965000a1 +- +-Title=prime192v3 curve tests +- +-PrivateKey=ALICE_cf_prime192v3 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEHzAdAgEBBBij5blPQRKM1/9c57YDZXIIue80MDqx +-Igw= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_prime192v3_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE1+mLeiT/jjHO71IL/C/ZcnF6+yj9FV6eqfuPdHAi +-MsDRFCB6/h8TcCUFuospu5l0 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_prime192v3:ALICE_cf_prime192v3_PUB +- +-PrivateKey=BOB_cf_prime192v3 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEHzAdAgEBBBhgFP4fFLtm/yk5tsosBUBKTg370FOu +-92g= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_prime192v3_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAEv35bOz0xqLeJqpZdZ8LyiUgsJMBEtN2UMJm8blX2 +-vMWAgEeLhzar86BUlS7dZwS7 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_prime192v3:BOB_cf_prime192v3_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_prime192v3 +-PeerKey=BOB_cf_prime192v3_PUB +-SharedSecret=9e562ecbe29c510a13b0daea822ec864c2a9684d2a382812 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_prime192v3 +-PeerKey=ALICE_cf_prime192v3_PUB +-SharedSecret=9e562ecbe29c510a13b0daea822ec864c2a9684d2a382812 +- +-Title=prime239v1 curve tests +- +-PrivateKey=ALICE_cf_prime239v1 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQQEJTAjAgEBBB5nH2mt/GUx+I/60NlcuQlrdupDXwMY +-SF/w+SUTNqY= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_prime239v1_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEMqQLCgDR9njkq9QELuOu+J/9YGcxJHULdvxHImLW +-RXqBUM5Xea+Qk2SKIpWcogxr2zFeQyeLj2bQysuo +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_prime239v1:ALICE_cf_prime239v1_PUB +- +-PrivateKey=BOB_cf_prime239v1 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQQEJTAjAgEBBB5RZgYV+j+zhwI12zCzB+mdPofMx0kB +-jZ9gplgXxzk= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_prime239v1_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEBR5m/kllh025oO4GvqALkjRliVv7q4x8ro/tkYnT +-L2U4hkT6xUeRu9QC4KOz7KUVH+nBbQASL4XQg/3C +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_prime239v1:BOB_cf_prime239v1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_prime239v1 +-PeerKey=BOB_cf_prime239v1_PUB +-SharedSecret=196b1d0206d4f87c313c266bfb12c90dd1f1f64b89bfc16518086b9801b8 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_prime239v1 +-PeerKey=ALICE_cf_prime239v1_PUB +-SharedSecret=196b1d0206d4f87c313c266bfb12c90dd1f1f64b89bfc16518086b9801b8 +- +-Title=prime239v2 curve tests +- +-PrivateKey=ALICE_cf_prime239v2 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQUEJTAjAgEBBB5uLCwofbD2Suc/iIRhXJsPqZ4me87h +-+tFevsg1pPE= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_prime239v2_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAETH77jXHBItV673gTNK/HTFldo4VxPiscbideUgKd +-CWjdVsXebgAZbqQwf0h9QWcIgM7K7ODdW5kCuZ1G +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_prime239v2:ALICE_cf_prime239v2_PUB +- +-PrivateKey=BOB_cf_prime239v2 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQUEJTAjAgEBBB5nlF+ouuw3Ljkgy3pHkCN+/JoHAMyT +-KY0wlvJdo/w= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_prime239v2_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAELUQYo0UH8HbK/RMD2jVphBU+iB4OTOfvaaTlHq06 +-dcJ8a9a+mAQKhb1OZVEq1n4nQsgRiI1rPxugVERM +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_prime239v2:BOB_cf_prime239v2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_prime239v2 +-PeerKey=BOB_cf_prime239v2_PUB +-SharedSecret=1d18ca6366bceba3c1477daa0e08202088abcf14fc2b8fbf98ba95858fcf +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_prime239v2 +-PeerKey=ALICE_cf_prime239v2_PUB +-SharedSecret=1d18ca6366bceba3c1477daa0e08202088abcf14fc2b8fbf98ba95858fcf +- +-Title=prime239v3 curve tests +- +-PrivateKey=ALICE_cf_prime239v3 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQYEJTAjAgEBBB5J95JRhBDTzlyAPAfu6T2Pb9vK0NKu +-Y9AfhA2G+mI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_prime239v3_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEZEN48pqgLF08Yjj/8BLM2Nr5ZhpYxyBurbzKRuBb +-GLpzZLteJN9vZjN7ouNpMxLVUFQxTOwpsvUw86Lk +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_prime239v3:ALICE_cf_prime239v3_PUB +- +-PrivateKey=BOB_cf_prime239v3 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQYEJTAjAgEBBB5Z7rMZML1xeryBaYYr+QuMiQxHT44I +-d9bmIVvG3dM= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_prime239v3_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEQUWKqohAPAoIYEZOvc1QwSlcB+gW0febaNxGOy47 +-LaIWdsNM7GJVP9xpdSwm/L+Dip/oH4E59f3SiOAd +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_prime239v3:BOB_cf_prime239v3_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_prime239v3 +-PeerKey=BOB_cf_prime239v3_PUB +-SharedSecret=4dcc2c67c5993162ed71ebb33077bbb85395b0d3eec2311aa404e45901a0 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_prime239v3 +-PeerKey=ALICE_cf_prime239v3_PUB +-SharedSecret=4dcc2c67c5993162ed71ebb33077bbb85395b0d3eec2311aa404e45901a0 +- +-Title=secp112r1 curve tests +- +-PrivateKey=ALICE_cf_secp112r1 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAYEFTATAgEBBA6zC5ZzEIIdvY4Q7DS0uw== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp112r1_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFK4EEAAYDHgAEYIawfjH3qRrJJWwuG3Ys5ZhDJsmdWi34aHgKAA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp112r1:ALICE_cf_secp112r1_PUB +- +-PrivateKey=BOB_cf_secp112r1 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAYEFTATAgEBBA6WPx4YxBODium8BKDw0A== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp112r1_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFK4EEAAYDHgAEchh3iQdPN1rrzrpdZRQ95G6tvdwEBQ+gfu1tvA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp112r1:BOB_cf_secp112r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp112r1 +-PeerKey=BOB_cf_secp112r1_PUB +-SharedSecret=4ddd1d504b444d4be67ba2e4610a +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp112r1 +-PeerKey=ALICE_cf_secp112r1_PUB +-SharedSecret=4ddd1d504b444d4be67ba2e4610a +- +-Title=secp112r2 curve tests +- +-PrivateKey=ALICE_cf_secp112r2 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAcEFTATAgEBBA4GcvIx97ePHdAiH0Z9EA== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp112r2_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEHK9uNAILHBmPZdKKh79/nzYE0HbvC//rA7i0Xw== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp112r2:ALICE_cf_secp112r2_PUB +- +-PrivateKey=BOB_cf_secp112r2 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAcEFTATAgEBBA4WzpVFZnZv9mvtpnYNyw== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp112r2_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEUzBLNQupqUpGgmZl9JVjKBpwusl52rFg5OVFJA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp112r2:BOB_cf_secp112r2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp112r2 +-PeerKey=BOB_cf_secp112r2_PUB +-SharedSecret=a6d05c7ba5128a9685c705b5030b +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp112r2 +-PeerKey=ALICE_cf_secp112r2_PUB +-SharedSecret=a6d05c7ba5128a9685c705b5030b +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp112r2 +-PeerKey=BOB_cf_secp112r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=04f3280e92c269d794aa779efcef +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp112r2 +-PeerKey=ALICE_cf_secp112r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=04f3280e92c269d794aa779efcef +- +-PublicKey=MALICE_cf_secp112r2_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEsf2N4SfUZWtXPrUTmEyr71I/JSn8VtzQsFHuqQ== +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_secp112r2 +-PeerKey=MALICE_cf_secp112r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_secp112r2 +-PeerKey=MALICE_cf_secp112r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=secp128r1 curve tests +- +-PrivateKey=ALICE_cf_secp128r1 +------BEGIN PRIVATE KEY----- +-MC4CAQAwEAYHKoZIzj0CAQYFK4EEABwEFzAVAgEBBBB+RX18d0+gKpdcKbJJTrEZ +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp128r1_PUB +------BEGIN PUBLIC KEY----- +-MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAEG0XMAdrAZOPUW6L9ADU8XK8sZr7dtIcDinSWU1zSV9s= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp128r1:ALICE_cf_secp128r1_PUB +- +-PrivateKey=BOB_cf_secp128r1 +------BEGIN PRIVATE KEY----- +-MC4CAQAwEAYHKoZIzj0CAQYFK4EEABwEFzAVAgEBBBB/J9/eClt9mimGwOcOsjJF +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp128r1_PUB +------BEGIN PUBLIC KEY----- +-MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAE82nknsOS+u8mybP0KJqQhvm83gbPNTZOcvm0ZDVR5sU= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp128r1:BOB_cf_secp128r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp128r1 +-PeerKey=BOB_cf_secp128r1_PUB +-SharedSecret=5020f1b759da1f737a61a29a268d7669 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp128r1 +-PeerKey=ALICE_cf_secp128r1_PUB +-SharedSecret=5020f1b759da1f737a61a29a268d7669 +- +-Title=secp128r2 curve tests +- +-PrivateKey=ALICE_cf_secp128r2 +------BEGIN PRIVATE KEY----- +-MC4CAQAwEAYHKoZIzj0CAQYFK4EEAB0EFzAVAgEBBBALPaUYCnPgNiLhez93Z1Gi +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp128r2_PUB +------BEGIN PUBLIC KEY----- +-MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAEOKiPRGtZXwxmvTr35NmUkNsAGGk9RKNA4D5BE9ZrjZQ= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp128r2:ALICE_cf_secp128r2_PUB +- +-PrivateKey=BOB_cf_secp128r2 +------BEGIN PRIVATE KEY----- +-MC4CAQAwEAYHKoZIzj0CAQYFK4EEAB0EFzAVAgEBBBARg3vb436QgyHdyt6l/b6G +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp128r2_PUB +------BEGIN PUBLIC KEY----- +-MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAELph7h27BYjIINC2EddcpIOxKbdz8Xe7h3Az1ZuR9bAI= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp128r2:BOB_cf_secp128r2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp128r2 +-PeerKey=BOB_cf_secp128r2_PUB +-SharedSecret=8f4d8c75141e9b084328222440eb5dfa +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp128r2 +-PeerKey=ALICE_cf_secp128r2_PUB +-SharedSecret=8f4d8c75141e9b084328222440eb5dfa +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp128r2 +-PeerKey=BOB_cf_secp128r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=baaa0c16e16eef291001475d638e4830 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp128r2 +-PeerKey=ALICE_cf_secp128r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=baaa0c16e16eef291001475d638e4830 +- +-PublicKey=MALICE_cf_secp128r2_PUB +------BEGIN PUBLIC KEY----- +-MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAE6h6RzJIp6HLR6RDOPtyzGDurkuE9aAaZqHosPTnkLxQ= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_secp128r2 +-PeerKey=MALICE_cf_secp128r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_secp128r2 +-PeerKey=MALICE_cf_secp128r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=secp160k1 curve tests +- +-PrivateKey=ALICE_cf_secp160k1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAkEHDAaAgEBBBUAlxTBO50KwFwWKPtk1rutu68m+zI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp160k1_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAAkDKgAEcVWIjtPZn1cHckclpn5jKDCphQUVHxFN5tSeFG9wsJZT +-EvqPyLS64w== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp160k1:ALICE_cf_secp160k1_PUB +- +-PrivateKey=BOB_cf_secp160k1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAkEHDAaAgEBBBUAdrPkoNkRVUloiuwzruQszSUuwpY= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp160k1_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAAkDKgAESGN41cAj8Fg4pAJM7FUKHiawbCR0b9unMpZWxqOKeW1/ +-bxT/CqEkyw== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp160k1:BOB_cf_secp160k1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp160k1 +-PeerKey=BOB_cf_secp160k1_PUB +-SharedSecret=b738a0bf17f3271a9a155bfdfe2f0f1d51494d42 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp160k1 +-PeerKey=ALICE_cf_secp160k1_PUB +-SharedSecret=b738a0bf17f3271a9a155bfdfe2f0f1d51494d42 +- +-Title=secp160r1 curve tests +- +-PrivateKey=ALICE_cf_secp160r1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAgEHDAaAgEBBBUAR6m1+jIBuJnSKx9fHmyAYhsnYe8= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp160r1_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEO78GZuBaCfJjHK97c9N21z+4mm37b5x7/Hr3Xc4pUbtb +-OoNj/A+W9w== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp160r1:ALICE_cf_secp160r1_PUB +- +-PrivateKey=BOB_cf_secp160r1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAgEHDAaAgEBBBUATqvd54Jj7TbnrLAd2dMYCpExLws= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp160r1_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEBKDbBSPTwmb00MFvMtJMxQ2YDmcPOZHE8YbVr5hp8s5J +-Jwy17FaNNg== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp160r1:BOB_cf_secp160r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp160r1 +-PeerKey=BOB_cf_secp160r1_PUB +-SharedSecret=1912ea7b9bb1de5b8d3cef83e7a6e7a917816541 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp160r1 +-PeerKey=ALICE_cf_secp160r1_PUB +-SharedSecret=1912ea7b9bb1de5b8d3cef83e7a6e7a917816541 +- +-Title=secp160r2 curve tests +- +-PrivateKey=ALICE_cf_secp160r2 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAB4EHDAaAgEBBBUA3IsVg4R4paXaPATDHvzfnvM+vjQ= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp160r2_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAE4V+25YCpVkKF6NF/UPc1SYxohYWcf3qT3JDoPRhnm/rj +-mSqCCA6gUw== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp160r2:ALICE_cf_secp160r2_PUB +- +-PrivateKey=BOB_cf_secp160r2 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAB4EHDAaAgEBBBUAYT/5C7UpD17DnZm4ObswmGFMI1Q= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp160r2_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAEB7YVzBmzhnIdouvN/nb8VMXCqO8dkhmebyVzoD0oAzuH +-nN+SfWr6aQ== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp160r2:BOB_cf_secp160r2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp160r2 +-PeerKey=BOB_cf_secp160r2_PUB +-SharedSecret=ccb9cae5c9487ff60c487bd1b39a62eb4680e9b6 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp160r2 +-PeerKey=ALICE_cf_secp160r2_PUB +-SharedSecret=ccb9cae5c9487ff60c487bd1b39a62eb4680e9b6 +- +-Title=secp192k1 curve tests +- +-PrivateKey=ALICE_cf_secp192k1 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEAYHKoZIzj0CAQYFK4EEAB8EHzAdAgEBBBikVZrCZQB7ZtkhNfQYpjKHZ9KxXgooJ90= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp192k1_PUB +------BEGIN PUBLIC KEY----- +-MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEyV4EzMZglBXtYdn38hNTrCGflAsJprMkxkOlw58chZ25 +-6EAu7gVvYDTpnRkymKyH +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp192k1:ALICE_cf_secp192k1_PUB +- +-PrivateKey=BOB_cf_secp192k1 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEAYHKoZIzj0CAQYFK4EEAB8EHzAdAgEBBBiJQ/PunKGk9QPUyqIBGMgHKKg+yxJr5io= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp192k1_PUB +------BEGIN PUBLIC KEY----- +-MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAE990Tnmh9QQQHVHuLpfrAsgjvB9R2MJXzhBZN1WvtxLqF +-OZ2oFMP0Kfcr7HbI7a5j +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp192k1:BOB_cf_secp192k1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp192k1 +-PeerKey=BOB_cf_secp192k1_PUB +-SharedSecret=a46a6bfb279d4dc30cffac585d1fbec905dbe46aca5e3c9d +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp192k1 +-PeerKey=ALICE_cf_secp192k1_PUB +-SharedSecret=a46a6bfb279d4dc30cffac585d1fbec905dbe46aca5e3c9d +- +-Title=secp224k1 curve tests +- +-PrivateKey=ALICE_cf_secp224k1 +------BEGIN PRIVATE KEY----- +-MDsCAQAwEAYHKoZIzj0CAQYFK4EEACAEJDAiAgEBBB0AZPk3TzxGhX7TljBBhJDLBfulAMp6Bh3W +-w40Qyg== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp224k1_PUB +------BEGIN PUBLIC KEY----- +-ME4wEAYHKoZIzj0CAQYFK4EEACADOgAE4o7LGdJDixqJZ5imnqaX4IeE55NG4W0HEe72LVC7pmn2 +-e3m7uC92ZQhduF9lJli4dXD5en/1wkE= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp224k1:ALICE_cf_secp224k1_PUB +- +-PrivateKey=BOB_cf_secp224k1 +------BEGIN PRIVATE KEY----- +-MDsCAQAwEAYHKoZIzj0CAQYFK4EEACAEJDAiAgEBBB0AdQ02GguRy3yHOjLkpoWb27QA/L1abfWe +-q2xUfA== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp224k1_PUB +------BEGIN PUBLIC KEY----- +-ME4wEAYHKoZIzj0CAQYFK4EEACADOgAEzp00m0DaADn1mGiDCT7K1LZnoj/vCxHPowUDC9yQd17K +-KpJM5sGILrTkkgxqtt5pBeYE1NC1QUQ= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp224k1:BOB_cf_secp224k1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp224k1 +-PeerKey=BOB_cf_secp224k1_PUB +-SharedSecret=6f7b9d16c9c1d3a5c84b6028f2a4fed9ae8e02455e678a27243bcc48 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp224k1 +-PeerKey=ALICE_cf_secp224k1_PUB +-SharedSecret=6f7b9d16c9c1d3a5c84b6028f2a4fed9ae8e02455e678a27243bcc48 +- + Title=secp256k1 curve tests + + PrivateKey=ALICE_cf_secp256k1 +@@ -1998,1323 +55,6 @@ Derive=BOB_cf_secp256k1 + PeerKey=ALICE_cf_secp256k1_PUB + SharedSecret=a4745cc4d19cabb9e5cb0abdd5c604cab2846a4638ad844ed9175f3cadda2da1 + +-Title=sect113r1 curve tests +- +-PrivateKey=ALICE_cf_sect113r1 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAQEFjAUAgEBBA8ALw9CgsuNBkkhhUHE8bQ= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect113r1_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEASO9jcamlg1pRE7JffrTAe9kyRZO2xrymHXoGdnA +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect113r1:ALICE_cf_sect113r1_PUB +- +-PrivateKey=BOB_cf_sect113r1 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAQEFjAUAgEBBA8A/9qbs8sTFNkjS9/4CuM= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect113r1_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEATykaf/cvJzLOUto1EbbAEz/3++nut6q0dcJOQeV +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect113r1:BOB_cf_sect113r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect113r1 +-PeerKey=BOB_cf_sect113r1_PUB +-SharedSecret=01ed16f1948dcb368a54004237842d +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect113r1 +-PeerKey=ALICE_cf_sect113r1_PUB +-SharedSecret=01ed16f1948dcb368a54004237842d +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect113r1 +-PeerKey=BOB_cf_sect113r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=012e5f3e348c2a8a88d9590a639219 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect113r1 +-PeerKey=ALICE_cf_sect113r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=012e5f3e348c2a8a88d9590a639219 +- +-PublicKey=MALICE_cf_sect113r1_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEAAAAAAAAAAAAAAAAAAAAAd+TqiBXnTd/lyA/OFsR +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect113r1 +-PeerKey=MALICE_cf_sect113r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect113r1 +-PeerKey=MALICE_cf_sect113r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect113r2 curve tests +- +-PrivateKey=ALICE_cf_sect113r2 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAUEFjAUAgEBBA8AvovirHrqTxoKJ3l+7y0= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect113r2_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAFvQ4JgQTS8kjGeVfuITAS81qNcOQvt3PYa1HuCk +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect113r2:ALICE_cf_sect113r2_PUB +- +-PrivateKey=BOB_cf_sect113r2 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAUEFjAUAgEBBA8ArUjgvp/goxRYb4WuQ80= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect113r2_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAUoS3of8y28meYu/NoI5AVdhJZCuDjMqFHTriWY4 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect113r2:BOB_cf_sect113r2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect113r2 +-PeerKey=BOB_cf_sect113r2_PUB +-SharedSecret=0057a287ba1ea05cb4735e673647e1 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect113r2 +-PeerKey=ALICE_cf_sect113r2_PUB +-SharedSecret=0057a287ba1ea05cb4735e673647e1 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect113r2 +-PeerKey=BOB_cf_sect113r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00fec2454e46732aca42b22b6d4f13 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect113r2 +-PeerKey=ALICE_cf_sect113r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00fec2454e46732aca42b22b6d4f13 +- +-PublicKey=MALICE_cf_sect113r2_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAAAAAAAAAAAAAAAAAAAAAR3dbPHrhFekzJ7Azskr +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect113r2 +-PeerKey=MALICE_cf_sect113r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect113r2 +-PeerKey=MALICE_cf_sect113r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect131r1 curve tests +- +-PrivateKey=ALICE_cf_sect131r1 +------BEGIN PRIVATE KEY----- +-MC8CAQAwEAYHKoZIzj0CAQYFK4EEABYEGDAWAgEBBBEA5C6zHMQM7pXPZ6cJz72Niw== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect131r1_PUB +------BEGIN PUBLIC KEY----- +-MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEBXCuXD6wOOif91GUlJNKXf8FBNw8crgqi5aEJEZbCdBJ +-Ag== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect131r1:ALICE_cf_sect131r1_PUB +- +-PrivateKey=BOB_cf_sect131r1 +------BEGIN PRIVATE KEY----- +-MC8CAQAwEAYHKoZIzj0CAQYFK4EEABYEGDAWAgEBBBEDYZmjiokBJ/SnTv8sskBR3A== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect131r1_PUB +------BEGIN PUBLIC KEY----- +-MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEB8vGy3OQXwWKcJUSSJbCtpMBjFgJeZxzAaI420+B1B+1 +-5A== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect131r1:BOB_cf_sect131r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect131r1 +-PeerKey=BOB_cf_sect131r1_PUB +-SharedSecret=05346248f77f81fff50cc656e119976871 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect131r1 +-PeerKey=ALICE_cf_sect131r1_PUB +-SharedSecret=05346248f77f81fff50cc656e119976871 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect131r1 +-PeerKey=BOB_cf_sect131r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01f151ae26efa507acc2597356baf7e8ab +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect131r1 +-PeerKey=ALICE_cf_sect131r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01f151ae26efa507acc2597356baf7e8ab +- +-PublicKey=MALICE_cf_sect131r1_PUB +------BEGIN PUBLIC KEY----- +-MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEAAAAAAAAAAAAAAAAAAAAAAABfiJEFG0vRzEGxk2BxjmK +-zw== +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect131r1 +-PeerKey=MALICE_cf_sect131r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect131r1 +-PeerKey=MALICE_cf_sect131r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect131r2 curve tests +- +-PrivateKey=ALICE_cf_sect131r2 +------BEGIN PRIVATE KEY----- +-MC8CAQAwEAYHKoZIzj0CAQYFK4EEABcEGDAWAgEBBBEBnZRUKAQetk5kyUwhIaAyxg== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect131r2_PUB +------BEGIN PUBLIC KEY----- +-MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEA5+Y20L8q989I4jnKknZ7hcGlQ6RUIGni9RahT88kB/d +-dw== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect131r2:ALICE_cf_sect131r2_PUB +- +-PrivateKey=BOB_cf_sect131r2 +------BEGIN PRIVATE KEY----- +-MC8CAQAwEAYHKoZIzj0CAQYFK4EEABcEGDAWAgEBBBEBnafx9vcMeoCqj/1YNuflzw== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect131r2_PUB +------BEGIN PUBLIC KEY----- +-MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEB2G2uNkhQNjjl0/Ov6UYpxoFaWNXO+qy7poV6cdrFN7z +-pA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect131r2:BOB_cf_sect131r2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect131r2 +-PeerKey=BOB_cf_sect131r2_PUB +-SharedSecret=058d8a8be33068ed8c1dc9f551ef2c3f3c +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect131r2 +-PeerKey=ALICE_cf_sect131r2_PUB +-SharedSecret=058d8a8be33068ed8c1dc9f551ef2c3f3c +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect131r2 +-PeerKey=BOB_cf_sect131r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=037b16d85f27c2c878ef96c79a536f89a5 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect131r2 +-PeerKey=ALICE_cf_sect131r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=037b16d85f27c2c878ef96c79a536f89a5 +- +-PublicKey=MALICE_cf_sect131r2_PUB +------BEGIN PUBLIC KEY----- +-MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEAAAAAAAAAAAAAAAAAAAAAAAGG5fiIbgziwBZHVzTYqCY +-1w== +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect131r2 +-PeerKey=MALICE_cf_sect131r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect131r2 +-PeerKey=MALICE_cf_sect131r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect163r1 curve tests +- +-PrivateKey=ALICE_cf_sect163r1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAIEHDAaAgEBBBUAlbn4x1UGJnAimsXufB/UvUaxU5U= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect163r1_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEA0f195HCcD4D+7wWyl3QuPkRovG/ATy5l7fpMl4BNIg/ +-sbtEXluCzANF +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect163r1:ALICE_cf_sect163r1_PUB +- +-PrivateKey=BOB_cf_sect163r1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAIEHDAaAgEBBBUAoStq6Fjb7nB2PNL6WrzKKqhCGdE= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect163r1_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEAul/oBKr9B5MsPHWGF+q07j0JC+WAxj1JzfcIXR98n+r +-9FHWU5LC5pDM +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect163r1:BOB_cf_sect163r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect163r1 +-PeerKey=BOB_cf_sect163r1_PUB +-SharedSecret=06135eef489fe613c0d8bd522a2a640ff7ae6fb73d +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect163r1 +-PeerKey=ALICE_cf_sect163r1_PUB +-SharedSecret=06135eef489fe613c0d8bd522a2a640ff7ae6fb73d +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect163r1 +-PeerKey=BOB_cf_sect163r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0580f5e8efb242a19ae1023acbcab8702c799751e7 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect163r1 +-PeerKey=ALICE_cf_sect163r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0580f5e8efb242a19ae1023acbcab8702c799751e7 +- +-PublicKey=MALICE_cf_sect163r1_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJkXolVuGFa8fqmk +-cs0Bv7iJuVg1 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect163r1 +-PeerKey=MALICE_cf_sect163r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect163r1 +-PeerKey=MALICE_cf_sect163r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect193r1 curve tests +- +-PrivateKey=ALICE_cf_sect193r1 +------BEGIN PRIVATE KEY----- +-MDcCAQAwEAYHKoZIzj0CAQYFK4EEABgEIDAeAgEBBBkACmcvidKWLtPFB2xqg76F8VhM1Njzrkgo +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect193r1_PUB +------BEGIN PUBLIC KEY----- +-MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAeqP0VQobenduwtf4MPmlYQVDjUmxKq50QFHnaBfzwXY +-1TYShZZgBr0R6a5dUGCbiF0= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect193r1:ALICE_cf_sect193r1_PUB +- +-PrivateKey=BOB_cf_sect193r1 +------BEGIN PRIVATE KEY----- +-MDcCAQAwEAYHKoZIzj0CAQYFK4EEABgEIDAeAgEBBBkAKlSknQ66vpuLjC1mbQyfHOTdJ5Kw5jMh +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect193r1_PUB +------BEGIN PUBLIC KEY----- +-MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAaFZVIeqfV9wbPydaBSJKSWJjVyFVSB/QQB5rHonYQmK +-f40zok8PJS6ratIcZwk/n20= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect193r1:BOB_cf_sect193r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect193r1 +-PeerKey=BOB_cf_sect193r1_PUB +-SharedSecret=012b8849991814f8c7ed9d40cf9dc204c3a83e0b10675543a5 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect193r1 +-PeerKey=ALICE_cf_sect193r1_PUB +-SharedSecret=012b8849991814f8c7ed9d40cf9dc204c3a83e0b10675543a5 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect193r1 +-PeerKey=BOB_cf_sect193r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0110180a18844859c52f6f012909522a2d87b5ab143bc80a55 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect193r1 +-PeerKey=ALICE_cf_sect193r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0110180a18844859c52f6f012909522a2d87b5ab143bc80a55 +- +-PublicKey=MALICE_cf_sect193r1_PUB +------BEGIN PUBLIC KEY----- +-MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHeX7PX3e5n +-zROUg6/STkLp1D+L51L9+wY= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect193r1 +-PeerKey=MALICE_cf_sect193r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect193r1 +-PeerKey=MALICE_cf_sect193r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect193r2 curve tests +- +-PrivateKey=ALICE_cf_sect193r2 +------BEGIN PRIVATE KEY----- +-MDcCAQAwEAYHKoZIzj0CAQYFK4EEABkEIDAeAgEBBBkAhjkv8lXK/nPp3Qc4IwL/29JUKWi2VBMp +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect193r2_PUB +------BEGIN PUBLIC KEY----- +-MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAIn7oSu3adu4ChNXniHKkMIv9gT24rpzzwAeCTDPIkUT +-kJ+Tit6e4RpgkB/dph4V+uI= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect193r2:ALICE_cf_sect193r2_PUB +- +-PrivateKey=BOB_cf_sect193r2 +------BEGIN PRIVATE KEY----- +-MDcCAQAwEAYHKoZIzj0CAQYFK4EEABkEIDAeAgEBBBkAwGkR3qSQdfh7Q6KbJ4lH5FShGsX8o/jD +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect193r2_PUB +------BEGIN PUBLIC KEY----- +-MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAFdSLKI0tlwZDpkndutOLsnHii1aJO8snwEJ0m/AZgMp +-xiDevOQ/xE9SpMX25W7YqkU= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect193r2:BOB_cf_sect193r2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect193r2 +-PeerKey=BOB_cf_sect193r2_PUB +-SharedSecret=01e2f66a63c24c1de8a399c484228a5ad5b6d911c6e5e83ae3 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect193r2 +-PeerKey=ALICE_cf_sect193r2_PUB +-SharedSecret=01e2f66a63c24c1de8a399c484228a5ad5b6d911c6e5e83ae3 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect193r2 +-PeerKey=BOB_cf_sect193r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00bc82d393bd74406683aea003977a86a109f444a833652e43 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect193r2 +-PeerKey=ALICE_cf_sect193r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00bc82d393bd74406683aea003977a86a109f444a833652e43 +- +-PublicKey=MALICE_cf_sect193r2_PUB +------BEGIN PUBLIC KEY----- +-MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFfdLEkrvsO +-Y7+6QpEvOay9A4MJCUZfZmI= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect193r2 +-PeerKey=MALICE_cf_sect193r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect193r2 +-PeerKey=MALICE_cf_sect193r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect239k1 curve tests +- +-PrivateKey=ALICE_cf_sect239k1 +------BEGIN PRIVATE KEY----- +-MDwCAQAwEAYHKoZIzj0CAQYFK4EEAAMEJTAjAgEBBB4G4nbQDUtTnkrPOvDGIlhH9XdjirUSbTI5 +-5z6lf7o= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect239k1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEf5paOMjzcnpVAPMQnIkikE4K2jne3ubX2TD1P3aedknF +-lUr6tOU4BsiUQJACF90rQ9/KdeR5mYvYHzvI +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect239k1:ALICE_cf_sect239k1_PUB +- +-PrivateKey=BOB_cf_sect239k1 +------BEGIN PRIVATE KEY----- +-MDwCAQAwEAYHKoZIzj0CAQYFK4EEAAMEJTAjAgEBBB4e0F0NpepAF+iNrEtoZeo4TrQFspkUNLcx +-Ly4Klfg= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect239k1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEKnjJ4RHe+EiElXMrF4ou7VGy1pn0ZiO17FouF31Zbvjc +-TcbhfE6ziXM8sekQJBwcwRKQ9+G/Qzq/2A9x +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect239k1:BOB_cf_sect239k1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect239k1 +-PeerKey=BOB_cf_sect239k1_PUB +-SharedSecret=0ef54c7b7dbf55d4278e7a6924dc4833c63ec708e820d501cacdfb4935d5 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect239k1 +-PeerKey=ALICE_cf_sect239k1_PUB +-SharedSecret=0ef54c7b7dbf55d4278e7a6924dc4833c63ec708e820d501cacdfb4935d5 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect239k1 +-PeerKey=BOB_cf_sect239k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=592e4b33ac99624fe7f2f879cf52f12a70f189c5d90785db26a12e0a46c0 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect239k1 +-PeerKey=ALICE_cf_sect239k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=592e4b33ac99624fe7f2f879cf52f12a70f189c5d90785db26a12e0a46c0 +- +-PublicKey=MALICE_cf_sect239k1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect239k1 +-PeerKey=MALICE_cf_sect239k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect239k1 +-PeerKey=MALICE_cf_sect239k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=wap-wsg-idm-ecid-wtls10 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls10 +------BEGIN PRIVATE KEY----- +-MDsCAQAwEAYHKoZIzj0CAQYFZysBBAoEJDAiAgEBBB1zvDMHGgcytka5KvlvQvJzTA4l2ts2NzBp +-SJiGyw== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAZkrhWBz/Q4GB8DY4Ia114ew6H7Eg7ri2uxwxd3rAZs5 +-/ShvunNyndjCt3Qaq8sulBM0nUyERSDakyD+ +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls10:ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls10 +------BEGIN PRIVATE KEY----- +-MDsCAQAwEAYHKoZIzj0CAQYFZysBBAoEJDAiAgEBBB1SowkHU79PqokOfgllN53rNS8a3h1wFBY0 +-dKPkQg== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls10_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAGavw4ChHCoWplAumMEBwJgJ2aYtw+utu4vhWnscAPIT +-IJ4IiIGj18rCFBap1sgVbpXjhEBLYg6Itwv2 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls10:BOB_cf_wap-wsg-idm-ecid-wtls10_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls10_PUB +-SharedSecret=0194ef5d80fdfe9df366b2273b983c3dbd440faf76964fcfc06c509f289d +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls10 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB +-SharedSecret=0194ef5d80fdfe9df366b2273b983c3dbd440faf76964fcfc06c509f289d +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls10_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01bedc5cdf63fbf18c3e2bc9765e12f7990c0c0c64f0267ae7c37b9f49f0 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls10 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01bedc5cdf63fbf18c3e2bc9765e12f7990c0c0c64f0267ae7c37b9f49f0 +- +-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls10 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=wap-wsg-idm-ecid-wtls11 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls11 +------BEGIN PRIVATE KEY----- +-MDwCAQAwEAYHKoZIzj0CAQYFZysBBAsEJTAjAgEBBB4AkzS3zoqHNCLug/nwoYMQW3UigmZ9t56k +-5jp+FiY= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEABttgKKYeGZRmcH/5UZR56lOSgbU4TH2AuIhvj88AL6H +-zTCX9elzXpck+u22bnmkuvL2A8XKB5+fabMR +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls11:ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls11 +------BEGIN PRIVATE KEY----- +-MDwCAQAwEAYHKoZIzj0CAQYFZysBBAsEJTAjAgEBBB4AWU05mbqPxsB749llNON1//l0w8RJJ3z5 +-h/kzfNM= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls11_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEAL6Xj/KCmXAQAAo847t0bl0wqBrteWRg93OvIJsPAAOE +-ehdIgJyruc3KsH0RFlipu5QD8pnGSIXvif19 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls11:BOB_cf_wap-wsg-idm-ecid-wtls11_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls11_PUB +-SharedSecret=01ac8a23ddeeafb4d3bb243fe409f2f9c8b1a3fc11d4690da583f2e21637 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls11 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB +-SharedSecret=01ac8a23ddeeafb4d3bb243fe409f2f9c8b1a3fc11d4690da583f2e21637 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls11_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01b9992992572d3a59d424f8c9cc195576461ed6c1dadf6fb523717fab19 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls11 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01b9992992572d3a59d424f8c9cc195576461ed6c1dadf6fb523717fab19 +- +-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYf4 +-Vie5eHTnR+4x4G1xyq7qUvISU+X5RtBh2pE4 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls11 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=wap-wsg-idm-ecid-wtls12 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls12 +------BEGIN PRIVATE KEY----- +-MDoCAQAwEAYHKoZIzj0CAQYFZysBBAwEIzAhAgEBBBxwvll9Eb9mm2Xadq1evIi1zIK+6u0Nv8bP +-LI9a +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB +------BEGIN PUBLIC KEY----- +-ME4wEAYHKoZIzj0CAQYFZysBBAwDOgAE0t0WqG/pFsiCt6agmebw3FCEWAzf9BpNLuzoCkPEe0Li +-bqn5udrckL6s3stwCTVFaZUfY2qS9QE= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls12:ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls12 +------BEGIN PRIVATE KEY----- +-MDoCAQAwEAYHKoZIzj0CAQYFZysBBAwEIzAhAgEBBBz+5P6gpqXxbeXvvaD5W9Ft69BTxcn7zc6q +-K3Ax +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls12_PUB +------BEGIN PUBLIC KEY----- +-ME4wEAYHKoZIzj0CAQYFZysBBAwDOgAEvyxedqaWkoAOMjaV5W3/tJpheiHAR0zV6BlIeUuGP2mx +-+xsOK9/QB7hzipq9cXx1K/dXu58EoSY= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls12:BOB_cf_wap-wsg-idm-ecid-wtls12_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls12 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls12_PUB +-SharedSecret=a3b3f20af8c33a0f5c246b4b9d9dda1cd40c294d1f53365d18a8b54b +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls12 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB +-SharedSecret=a3b3f20af8c33a0f5c246b4b9d9dda1cd40c294d1f53365d18a8b54b +- +-Title=wap-wsg-idm-ecid-wtls1 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls1 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFZysBBAEEFTATAgEBBA5ZNASTt4/g6XPQwRiQ0Q== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEACBNPI48xxsPVQBy07jRAAcWzbIkMo8BQotxpfGJ +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls1:ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls1 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFZysBBAEEFTATAgEBBA6+0x9qk0NIKHSRvlTemQ== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEAEeHMSBTx/EtOu+bjBinALHSkQuJyiP3mg1tu+I2 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls1:BOB_cf_wap-wsg-idm-ecid-wtls1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB +-SharedSecret=0040ba2fadc1da97c973e5e59ade31 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls1 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +-SharedSecret=0040ba2fadc1da97c973e5e59ade31 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=008919696215a89e03d6c4c9265d6b +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls1 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=008919696215a89e03d6c4c9265d6b +- +-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls1 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=wap-wsg-idm-ecid-wtls3 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls3 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAMEHDAaAgEBBBUDO2cHbqQBUxuJBl6UT9UrasuRVrI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEBRIzvK9o7eO2NGmtPFV/zo9/1mlvBwjG7+e6hbPG1KdI +-01f8oGBuXMQH +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls3:ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls3 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAMEHDAaAgEBBBUAhZv9WZ00bDnU9MOaqEegP771nes= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls3_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEAYOspjEbzyZw61jCtUrxARr+w66nBH+73QIvlaRVSG/4 +-hlBUf5kmG4Yn +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls3:BOB_cf_wap-wsg-idm-ecid-wtls3_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls3_PUB +-SharedSecret=0311924428a839b7dcada662722945e62bf1131f4f +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls3 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +-SharedSecret=0311924428a839b7dcada662722945e62bf1131f4f +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=047f1aee6a1a1d7c9c1f0e8dce4349429f737aa658 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls3 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=047f1aee6a1a1d7c9c1f0e8dce4349429f737aa658 +- +-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAB +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls3 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=wap-wsg-idm-ecid-wtls4 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls4 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFZysBBAQEFjAUAgEBBA8ACFOrBbOh5LjNtJQCuEE= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAW3K4Mus5+KAJVGLzEYrAYuCJSEYXFTo17aW0TwN +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls4:ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls4 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFZysBBAQEFjAUAgEBBA8Auz4XRc3Rg0bNcbrray8= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAI0F7ixGqOhnYpsuR80nAdTdSXM+YbcUbLe/U/xG +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls4:BOB_cf_wap-wsg-idm-ecid-wtls4_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB +-SharedSecret=0077378ddfdadff704a0b6646949e7 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls4 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +-SharedSecret=0077378ddfdadff704a0b6646949e7 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=008f3713fe1ff1fa5d5041899817d1 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls4 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=008f3713fe1ff1fa5d5041899817d1 +- +-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAAAAAAAAAAAAAAAAAAAAAd+TqiBXnTd/lyA/OFsR +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls4 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=wap-wsg-idm-ecid-wtls5 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls5 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAUEHDAaAgEBBBUD9gVh3zbLTA7BuRVVi9T8QKZ1uco= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEAH5xyUrvbuN+tWmRhwqrQfFHPHNUBKtAGvJuvSFVwTKk +-uFzn9fPvIDe6 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls5:ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls5 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAUEHDAaAgEBBBUAr9ZlmuO7bNfqB42xUivJXyVHKNI= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls5_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEBdXxEk0L2XAVzRNLPcnMxGXXyDfZAoA1Qw2XpOfVWIVR +-jdoMGRgUuJmO +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls5:BOB_cf_wap-wsg-idm-ecid-wtls5_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls5_PUB +-SharedSecret=0190c68d80e94fbe9f193ae7d9a156bf0b8d097c23 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls5 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +-SharedSecret=0190c68d80e94fbe9f193ae7d9a156bf0b8d097c23 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls5_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00aabc9b45c200e41294aa922ab06da6655731e0ea +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls5 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00aabc9b45c200e41294aa922ab06da6655731e0ea +- +-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8JxepS05nN/piK +-dhDD3dDKXUih +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls5 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=wap-wsg-idm-ecid-wtls6 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls6 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFZysBBAYEFTATAgEBBA4ayMbswPbvYMwpwo80jA== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFZysBBAYDHgAERPw/8Ip/RrXr0gMgLGRQeiQ4Qd6W+Li0ylGKzg== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls6:ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls6 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFZysBBAYEFTATAgEBBA6kbCpFt3tX2hYBQHMXbg== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls6_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFZysBBAYDHgAEhJXqpYGxE/l1X/LiBeyRbIcyzqPxUP5Tkv3U3w== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls6:BOB_cf_wap-wsg-idm-ecid-wtls6_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls6 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls6_PUB +-SharedSecret=b4cae255268f11a1e46fecad04c2 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls6 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB +-SharedSecret=b4cae255268f11a1e46fecad04c2 +- +-Title=wap-wsg-idm-ecid-wtls7 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls7 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAcEHDAaAgEBBBUABcyzh4ot9ck/j4/3ehK0aYngYoM= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEwQLnZ70n45RLqRtAGNzEa3Rl/9nwyjqYUtw2eeHhnNLT +-feGY4CNH0w== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls7:ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls7 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAcEHDAaAgEBBBUAPyrGRY1SR13hKQswS6yXs8w8PUQ= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls7_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEZGN44YbN5r3zcNtOHrvbQLt8/lE7BHp4D/9eKLmwFDn1 +-QneRu3xwPA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls7:BOB_cf_wap-wsg-idm-ecid-wtls7_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls7 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls7_PUB +-SharedSecret=ae9f5bcc6457c0422866bf855921eabc42b7121a +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls7 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB +-SharedSecret=ae9f5bcc6457c0422866bf855921eabc42b7121a +- +-Title=wap-wsg-idm-ecid-wtls8 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls8 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFZysBBAgEFjAUAgEBBA8AnkC18b3pH2O5TIYIqAQ= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFZysBBAgDHgAEJD0h4HEfchwxqhp9eMHh9gczQKHX4MtWVoAxKQ== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls8:ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls8 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFZysBBAgEFjAUAgEBBA8AXxPMnqbl3rOuIM5nsvc= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls8_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFZysBBAgDHgAEZawmRmzr9P+jihImUi6ykOzaSH484JhMKNdrgw== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls8:BOB_cf_wap-wsg-idm-ecid-wtls8_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls8 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls8_PUB +-SharedSecret=48baf4f1f5e8a0eb5dae28ef6290 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls8 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB +-SharedSecret=48baf4f1f5e8a0eb5dae28ef6290 +- +-Title=wap-wsg-idm-ecid-wtls9 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls9 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAkEHDAaAgEBBBUALwvuKs3RLthMAsChbqKjXw6vTYo= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFZysBBAkDKgAET0ppOvd9DU4v+tkKDQ5wRBrN1FwD9+F9t5l3Im+mz3rw +-DB/RYdZuUg== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls9:ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls9 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAkEHDAaAgEBBBUAgeb/vqEM7X5AAAxyBu3M+C8pWLM= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls9_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFZysBBAkDKgAEWc37LGt6lt90iF4lhtDYNFdjAqoczebuNgzGff/Uq8ov +-a3EVJ9yK1A== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls9:BOB_cf_wap-wsg-idm-ecid-wtls9_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls9 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls9_PUB +-SharedSecret=948d3030e95cead39a1bb3d8a01c2be178517ba7 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls9 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB +-SharedSecret=948d3030e95cead39a1bb3d8a01c2be178517ba7 +- +-# tests: 484 +- +-Title=zero x-coord regression tests +- +-PrivateKey=ALICE_zero_prime192v1 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhaPNk8jG5hSG6y8tUqUoOaNNsZ3APU +-pps= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_prime192v1_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe2hWBe5g +-DLNj216pEvK7XjoKLg5gNg8S +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_prime192v1 +-PeerKey=BOB_zero_prime192v1_PUB +-SharedSecret=baaffd49a8399d2ad52cbbe24d47b67afb4b3cf436f1cd65 +- +-PrivateKey=ALICE_zero_prime192v2 + -----BEGIN PRIVATE KEY----- + MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBj1AIQMJ7jqYIKCvxYAS+qKMmKmH0to + 41k= +@@ -3422,72 +162,6 @@ Derive=ALICE_zero_prime256v1 + PeerKey=BOB_zero_prime256v1_PUB + SharedSecret=c4f5607deb8501f1a4ba23fce4122a4343a17ada2c86a9c8e0d03d92d4a4c84c + +-PrivateKey=ALICE_zero_secp112r2 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAcEFTATAgEBBA4hh3tRkG3tnA0496ffMw== +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_secp112r2_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEAAAAAAAAAAAAAAAAAAAS5eEOWDV/Wk7w4djyDQ== +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_secp112r2 +-PeerKey=BOB_zero_secp112r2_PUB +-SharedSecret=958cc1cb425713678830a4d7d95e +- +-PrivateKey=ALICE_zero_secp128r1 +------BEGIN PRIVATE KEY----- +-MC4CAQAwEAYHKoZIzj0CAQYFK4EEABwEFzAVAgEBBBCykSzic/h3T2K6SkSP1SGt +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_secp128r1_PUB +------BEGIN PUBLIC KEY----- +-MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAEAAAAAAAAAAAAAAAAAAAAAABya8M5aeOpNG3z799IdHc= +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_secp128r1 +-PeerKey=BOB_zero_secp128r1_PUB +-SharedSecret=5235d452066f126cd7e99eea00fd3068 +- +-PrivateKey=ALICE_zero_secp160r1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAgEHDAaAgEBBBUACoRnbig69XLlh5VcRexpbbn5zwA= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_secp160r1_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAG/w1po29wYlxlygXs +-MGfbiGg5ng== +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_secp160r1 +-PeerKey=BOB_zero_secp160r1_PUB +-SharedSecret=9ccd0ab8d093b6acdb3fe14c3736a0dfe61a4666 +- +-PrivateKey=ALICE_zero_secp160r2 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAB4EHDAaAgEBBBUAQFGxInSw1eAvd45E9TUdbXtJGnA= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_secp160r2_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAZtSBSZqfmXp47v5z2 +-ZZZl2JFxDg== +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_secp160r2 +-PeerKey=BOB_zero_secp160r2_PUB +-SharedSecret=303e0a282ac86f463fe834cb51b0057be42ed5ab +- + PrivateKey=ALICE_zero_secp384r1 + -----BEGIN PRIVATE KEY----- + ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDD6kgzKbg28zbQyVTdC0IdHbm0UCQt2Rdbi +@@ -3526,76 +200,6 @@ Derive=ALICE_zero_secp521r1 + PeerKey=BOB_zero_secp521r1_PUB + SharedSecret=003fc3028f61db94b20c7cd177923b6e73f12f0ab067c9ce8866755e3c82abb39c9863cde74fa80b32520bd7dd0eb156c30c08911503b67b2661f1264d09bb231423 + +-PrivateKey=ALICE_zero_wap-wsg-idm-ecid-wtls7 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAcEHDAaAgEBBBUAoGng7WzYr4P9vtdc3BS/UiNWmc0= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_wap-wsg-idm-ecid-wtls7_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAZtSBSZqfmXp47v5z2 +-ZZZl2JFxDg== +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_wap-wsg-idm-ecid-wtls7 +-PeerKey=BOB_zero_wap-wsg-idm-ecid-wtls7_PUB +-SharedSecret=6582fc03bbb340fcf24a5fe8fcdf722655efa8b9 +- +-# tests: 14 +- +-Title=prime192v1 curve tests +- +-PrivateKey=ALICE_cf_prime192v1 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhQFYLaobJ47BVWWZv/ByY8Ti69m/U9 +-TeI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_prime192v1_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEHYbt14KzucSpmKMrlDx1IGz/a28nDs21OjKgx3BK +-PZ78UrllIr69kgrYUKsRg4sd +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_prime192v1:ALICE_cf_prime192v1_PUB +- +-PrivateKey=BOB_cf_prime192v1 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhsbmKHAtygIqirkmUXSbniDJOx0/fI +-CWM= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_prime192v1_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEJA+FQcXq5Axzv8pLDslxq1QVt1hjN2i0TgoO6Yxp +-bAekMot69VorE8ibSzgJixXJ +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_prime192v1:BOB_cf_prime192v1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_prime192v1 +-PeerKey=BOB_cf_prime192v1_PUB +-SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_prime192v1 +-PeerKey=ALICE_cf_prime192v1_PUB +-SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354 +- +-# ECDH Bob with Alice peer : curves with less than 112 bits of strength cannot +-# be used for Key agreement in fips mode +-Availablein = fips +-Derive=BOB_cf_prime192v1 +-Securitycheck = 1 +-PeerKey=ALICE_cf_prime192v1_PUB +-SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354 +-Result = DERIVE_SET_PEER_ERROR +- + Title=prime256v1 curve tests + + PrivateKey=ALICE_cf_prime256v1 +@@ -3759,743 +363,3 @@ SharedSecret=01dd4aa9037bb4ad298b420998d + Derive=BOB_cf_secp521r1 + PeerKey=ALICE_cf_secp521r1_PUB + SharedSecret=01dd4aa9037bb4ad298b420998dcd32b3a9af1cda8b7919e372aeb4e54ccfb4d2409a340ed896bfbc5dd462f8d96b8784bc17b29db3ca04700e6ec752f9bec777695 +- +-Title=sect163k1 curve tests +- +-PrivateKey=ALICE_cf_sect163k1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUB905PYfmej8LzbzX6Bg51GJzXQjQ= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect163k1_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBfvs5A1hD8YySP9O2ub8GEUfotVuBpfRx4GIHdAfx8wV +-1UVeTRnyAlWU +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect163k1:ALICE_cf_sect163k1_PUB +- +-PrivateKey=BOB_cf_sect163k1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUCHPtCjJ4/K8ylQBcLlb5VE0bkaUE= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect163k1_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBvgfX1mTRlt6Z4TE1D1MNWo4loH4AoeYa6oowK104LKk +-nsdg7isQ8XBD +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect163k1:BOB_cf_sect163k1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect163k1 +-PeerKey=BOB_cf_sect163k1_PUB +-SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect163k1 +-PeerKey=ALICE_cf_sect163k1_PUB +-SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect163k1 +-PeerKey=BOB_cf_sect163k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect163k1 +-PeerKey=ALICE_cf_sect163k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77 +- +-PublicKey=MALICE_cf_sect163k1_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAB +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect163k1 +-PeerKey=MALICE_cf_sect163k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect163k1 +-PeerKey=MALICE_cf_sect163k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect163r2 curve tests +- +-PrivateKey=ALICE_cf_sect163r2 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBjCs/M3N31jsAueYrOq21vdETwAI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect163r2_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBd8Z1/HpA+89hF4I98EST3svWns3BAEbhWmL/fgxk2uu +-YwVrmqhgqH/C +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect163r2:ALICE_cf_sect163r2_PUB +- +-PrivateKey=BOB_cf_sect163r2 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBsiouT9Df+mwHWrpPg1JSrY9nqlI= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect163r2_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBULqBZ+nhLhDEMYY8NEEzZ126MdxAcFXWv8zmPEH9505 +-8vT5zU3aq6HV +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect163r2:BOB_cf_sect163r2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect163r2 +-PeerKey=BOB_cf_sect163r2_PUB +-SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect163r2 +-PeerKey=ALICE_cf_sect163r2_PUB +-SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect163r2 +-PeerKey=BOB_cf_sect163r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect163r2 +-PeerKey=ALICE_cf_sect163r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f +- +-PublicKey=MALICE_cf_sect163r2_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsJbhbrfiSdZPSHD +-ZtqJwDlp802l +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect163r2 +-PeerKey=MALICE_cf_sect163r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect163r2 +-PeerKey=MALICE_cf_sect163r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect233k1 curve tests +- +-PrivateKey=ALICE_cf_sect233k1 +------BEGIN PRIVATE KEY----- +-MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB0z/3heNFjJL+2sAT/38yRsN3kt2iXz7u+y +-Gua8Kw== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect233k1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEALQyn0zJmOrHm4S2EIjxRe899PadBnfpYjLKWGvpAIzf +-MEG861Nv1IYJkmkO1xlfNHeeRtqFgsQVFKZh +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect233k1:ALICE_cf_sect233k1_PUB +- +-PrivateKey=BOB_cf_sect233k1 +------BEGIN PRIVATE KEY----- +-MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB1I0ucrC4d9i6Z+0cbar5r7uKpF5iiQkSJA +-DFMTUA== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect233k1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAatdqazxSghJ568CBFyMXhEvVeAiLewOY/jk9H5DAOB4 +-ufNGbdd131KLaKPivB38a6n5Y+2BVSJangow +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect233k1:BOB_cf_sect233k1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect233k1 +-PeerKey=BOB_cf_sect233k1_PUB +-SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310 +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect233k1 +-PeerKey=ALICE_cf_sect233k1_PUB +-SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310 +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect233k1 +-PeerKey=BOB_cf_sect233k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect233k1 +-PeerKey=ALICE_cf_sect233k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d +- +-PublicKey=MALICE_cf_sect233k1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect233k1 +-PeerKey=MALICE_cf_sect233k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect233k1 +-PeerKey=MALICE_cf_sect233k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect233r1 curve tests +- +-PrivateKey=ALICE_cf_sect233r1 +------BEGIN PRIVATE KEY----- +-MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ATcy7zVpIsJ9rl5EIDmzRz5wxjrDIQyDm +-HP3Pt8Y= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect233r1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAQMQHiJ44LiCnZkEg1zyww1h+idTbsw8E07P33WUAUfD +-NeQ4hWEhTXPnytIbEhFKpnd3j/FbyZnJqxh8 +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect233r1:ALICE_cf_sect233r1_PUB +- +-PrivateKey=BOB_cf_sect233r1 +------BEGIN PRIVATE KEY----- +-MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ALpOlFn4OfiIAkRAZGOsn7L6W3XoQBSV8 +-mQVC2pw= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect233r1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAJQw+NWqFJXYw4dVMovzvw76OYnYOTaDaEPNW8ECAQbl +-TzzbBSTp5iqM13mP0/Bo4OO66NS3lA9e/GTO +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect233r1:BOB_cf_sect233r1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect233r1 +-PeerKey=BOB_cf_sect233r1_PUB +-SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795 +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect233r1 +-PeerKey=ALICE_cf_sect233r1_PUB +-SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795 +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect233r1 +-PeerKey=BOB_cf_sect233r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612 +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect233r1 +-PeerKey=ALICE_cf_sect233r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612 +- +-PublicKey=MALICE_cf_sect233r1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYf4 +-Vie5eHTnR+4x4G1xyq7qUvISU+X5RtBh2pE4 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect233r1 +-PeerKey=MALICE_cf_sect233r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect233r1 +-PeerKey=MALICE_cf_sect233r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect283k1 curve tests +- +-PrivateKey=ALICE_cf_sect283k1 +------BEGIN PRIVATE KEY----- +-MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQAY1Mi9rST7PiP1t03qYRczV/kSZ+VjQu8 +-5EFCgxyvkaLManw= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect283k1_PUB +------BEGIN PUBLIC KEY----- +-MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBMjBO8WoxHS/vz8po52WZGxS+RK5yolrUe6tfbAMA3Sd +-5/JjBDVjOz95vM4gUnqzUWHN5nKBQtj6HiU9Q/R+zqg98OiQKTyA +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect283k1:ALICE_cf_sect283k1_PUB +- +-PrivateKey=BOB_cf_sect283k1 +------BEGIN PRIVATE KEY----- +-MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQBCZC8Is+YSjgXJBBDioEl6gu14QpGHllD +-1J6957vBTPSQdH0= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect283k1_PUB +------BEGIN PUBLIC KEY----- +-MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAGEQKZVHYAlvtjHrFyZVm12qUb5j+T5/WNoC962+kwUM +-QkBYA5BpuG8Knlugq1iB31whPAgRCZfdLKHpHRPJSfXvKyUIdeUm +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect283k1:BOB_cf_sect283k1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect283k1 +-PeerKey=BOB_cf_sect283k1_PUB +-SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect283k1 +-PeerKey=ALICE_cf_sect283k1_PUB +-SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect283k1 +-PeerKey=BOB_cf_sect283k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169 +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect283k1 +-PeerKey=ALICE_cf_sect283k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169 +- +-PublicKey=MALICE_cf_sect283k1_PUB +------BEGIN PUBLIC KEY----- +-MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect283k1 +-PeerKey=MALICE_cf_sect283k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect283k1 +-PeerKey=MALICE_cf_sect283k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect283r1 curve tests +- +-PrivateKey=ALICE_cf_sect283r1 +------BEGIN PRIVATE KEY----- +-MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQCQ5pqKvPxDysd1pi2Bv8Z11cFhsRZfuaf +-4Pi0hpGr4ubZcHE= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect283r1_PUB +------BEGIN PUBLIC KEY----- +-MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBcsrGDgO7pbGybQX/00gRHtQq3+X9XrGb7Uzv9Nabwc/ +-kntnBMF0I2KU+aaTjQx1GVtmNf7CvFwPLEBnfKjJAjekjsGyIqoq +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect283r1:ALICE_cf_sect283r1_PUB +- +-PrivateKey=BOB_cf_sect283r1 +------BEGIN PRIVATE KEY----- +-MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQDxItnY3cDCrX/jGnVuAKDPaySZCr3E83Q +-UdFnP6YIykt7+Pg= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect283r1_PUB +------BEGIN PUBLIC KEY----- +-MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBJ2C9BCkX0YRfs2ufgUKvreUXFWp2AGK+iHlZB4N3LqO +-PKpmAkrAeCMty6mw2mEnOR5HA1d4Ee+z7/NJgJJ80Ra9bFnreOW3 +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect283r1:BOB_cf_sect283r1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect283r1 +-PeerKey=BOB_cf_sect283r1_PUB +-SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773 +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect283r1 +-PeerKey=ALICE_cf_sect283r1_PUB +-SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773 +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect283r1 +-PeerKey=BOB_cf_sect283r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8 +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect283r1 +-PeerKey=ALICE_cf_sect283r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8 +- +-PublicKey=MALICE_cf_sect283r1_PUB +------BEGIN PUBLIC KEY----- +-MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAByvMnFeSsevoGYMIn7b4NaL9IgowRCTKF8CCrhdEKu3pubP2 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect283r1 +-PeerKey=MALICE_cf_sect283r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect283r1 +-PeerKey=MALICE_cf_sect283r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect409k1 curve tests +- +-PrivateKey=ALICE_cf_sect409k1 +------BEGIN PRIVATE KEY----- +-MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMOthcLahkXFgM0wjOzm767D1A72sFRGlhb +-bVH+EB7z2WpIcPX4OD+M4Y1pf/a7wSaoSAo= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect409k1_PUB +------BEGIN PUBLIC KEY----- +-MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAbiYYpeFgCMsZFMzQaiwMJDrC+mCMT7KmhYtD5EMMgLW +-5OvhaqYdpRf49A8LOtVcRT7J5gGcMrXQgmQeS3FenA5owWnB2NIgrTNf5d8AAEtrOupsJ4c3kL6e +-aAzayZ1+UCEj8skbC9U= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect409k1:ALICE_cf_sect409k1_PUB +- +-PrivateKey=BOB_cf_sect409k1 +------BEGIN PRIVATE KEY----- +-MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMO43ldQllTewdZwffH4OEXdzBrLwabKsn4 +-6/hjgIAaYda/pt4yCEQLMp18QgtfMey5ENI= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect409k1_PUB +------BEGIN PUBLIC KEY----- +-MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAVTQj6hRizVmOx4Z6vroN/zMkmAY+QhkQ0CnFeJ0AydY +-Fv+f+/420vMC1Mhqsc9VzPMmIAH6ZrgGKDsd4Ce9JUtYE0rVhGeiG2RaN1U5RlhVK4avkWhFlyQ5 +-vuu4aApQiWE3yQd9v/I= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect409k1:BOB_cf_sect409k1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect409k1 +-PeerKey=BOB_cf_sect409k1_PUB +-SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0 +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect409k1 +-PeerKey=ALICE_cf_sect409k1_PUB +-SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0 +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect409k1 +-PeerKey=BOB_cf_sect409k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect409k1 +-PeerKey=ALICE_cf_sect409k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee +- +-PublicKey=MALICE_cf_sect409k1_PUB +------BEGIN PUBLIC KEY----- +-MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAA= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect409k1 +-PeerKey=MALICE_cf_sect409k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect409k1 +-PeerKey=MALICE_cf_sect409k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect409r1 curve tests +- +-PrivateKey=ALICE_cf_sect409r1 +------BEGIN PRIVATE KEY----- +-MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQAxSC9lST5dtfXQI1Ug9VMMoue3GGni5ON +-+gieyXK2KKbd29KAPs4/AOd8kX2wQDsZPO7E +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect409r1_PUB +------BEGIN PUBLIC KEY----- +-MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEASAvXAM15DJerAu1JttpBuMJK1/fEfFohu2iEpt3r7Ui +-iQoER6HUsWiw1hhcJyTv7WzpJQHFWrOlJMe/KjmQa/CygSc65YHDzG27oUL+KGdQUGc79ZRSwl/q +-fGZqa3D+bDVMwrhmZto= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect409r1:ALICE_cf_sect409r1_PUB +- +-PrivateKey=BOB_cf_sect409r1 +------BEGIN PRIVATE KEY----- +-MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQARen+1P3JQzBgOv0pUYwsZTPRVLpqqDAU +-7mKL2lk9eH7zSGmtNoMvP2m1S2dBnXxFY/bV +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect409r1_PUB +------BEGIN PUBLIC KEY----- +-MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAbDUw066TtdfOpDvrlKosEyqUNEG7rY+AKvDqKw+HOzf +-sUTYee6cEf71oqJ1sCKPQiYzlwCu/HLQeWPxISE6Uo+53kkeJml2xpMBwoE25Gq/DSS61dR7SRTZ +-+sUmumbIuGzbrjtMRmw= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect409r1:BOB_cf_sect409r1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect409r1 +-PeerKey=BOB_cf_sect409r1_PUB +-SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1 +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect409r1 +-PeerKey=ALICE_cf_sect409r1_PUB +-SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1 +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect409r1 +-PeerKey=BOB_cf_sect409r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect409r1 +-PeerKey=ALICE_cf_sect409r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad +- +-PublicKey=MALICE_cf_sect409r1_PUB +------BEGIN PUBLIC KEY----- +-MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAACZNffkdo7i7yL5tKKfU8tdk6su0K185XwbJkn96JWVDPZXZ3My +-bFKKSOJ7hyrM8Lwl1e8= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect409r1 +-PeerKey=MALICE_cf_sect409r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect409r1 +-PeerKey=MALICE_cf_sect409r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect571k1 curve tests +- +-PrivateKey=ALICE_cf_sect571k1 +------BEGIN PRIVATE KEY----- +-MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgB4agvk7Qdf9bVb9aMVdtXL0MuVw6dTleB +-zrpPMYty/piI5GWkQEGVp4OJSjF1BGgWmtYSYlV0oI8jJ7hfWTjVGfVWix4ipb8= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect571k1_PUB +------BEGIN PUBLIC KEY----- +-MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDUZq0ZrgYpTXNpOptjExaur0K9FAYHv1j9cvAptwX +-dcmQf3VqekMkGZCfNdqNeqCajG3QHRkBHe4FZhWr3FXi8whvvr463lUDf+t46un1kE6FTYfhILGa +-sBZm7OdfkarYd9TXBbmnkFA+XkyPlkM1+6daM3/WmnegK+TYghFDXLgwiyF8s0ElllF7z38Gmc4= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect571k1:ALICE_cf_sect571k1_PUB +- +-PrivateKey=BOB_cf_sect571k1 +------BEGIN PRIVATE KEY----- +-MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgA3pINxGOI7L9M+Mil+bm/udPwI4xu7ubJ +-p3aoOepTXW94laf8wjFLcQnRUwH87Vbq9VLQEfCAFvr2vZoBc+5asnNuDhRNNeQ= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect571k1_PUB +------BEGIN PUBLIC KEY----- +-MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDZRr5GCSq2uzGxmWNB+bED7zye18Rr/KehwXrbn1r +-rKtR8fe+dg2V15FieC3qZe/wCpMtyp79VmEabGi6iGLlAN/rUE81URsA/K7GVpmklslV5gmwryR0 +-3E7jGKPFesun9iNtmpgM18P9y3aJd4Qr4hMlwW2Nyw187l6QB/W2e/i+8vKXFTLHlz5WLAyAcpA= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect571k1:BOB_cf_sect571k1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect571k1 +-PeerKey=BOB_cf_sect571k1_PUB +-SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect571k1 +-PeerKey=ALICE_cf_sect571k1_PUB +-SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect571k1 +-PeerKey=BOB_cf_sect571k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2 +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect571k1 +-PeerKey=ALICE_cf_sect571k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2 +- +-PublicKey=MALICE_cf_sect571k1_PUB +------BEGIN PUBLIC KEY----- +-MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect571k1 +-PeerKey=MALICE_cf_sect571k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect571k1 +-PeerKey=MALICE_cf_sect571k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect571r1 curve tests +- +-PrivateKey=ALICE_cf_sect571r1 +------BEGIN PRIVATE KEY----- +-MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAxfL2/gUsmJonvDMR95Azq1ySgXMlKSRk +-+PL+WaS92ZyOo45HaC7RpH5sdkf4b948u6y1BXOxGZuORXy6lgbgZ1Zx2UgL3cI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect571r1_PUB +------BEGIN PUBLIC KEY----- +-MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQBK5L9ccIWacU2A1srZ35opPu6kcbEOsBPmvj/rlMS +-fFrdMOcagOYfcD0/ouYHPhvkHbr9k87IlQJfnV6ZNRA4PmWSp/FjkNwETm/fqTCUQHti/qqnKH7R +-Ed4fYROLFGvz+PX6E20SryOt1vrmoRyC7Z5FVmgMVOQQ1AaBNAHi3+IPtKx41YdXdbqHJxuI5jE= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect571r1:ALICE_cf_sect571r1_PUB +- +-PrivateKey=BOB_cf_sect571r1 +------BEGIN PRIVATE KEY----- +-MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAzcRvASPpWi0ybpOGlj0Lozz01C2a5oDA +-G5alib1EmZKcpVULxJXn75FQlTKpkUEuWUgA4yk5X5DTiScUuh4LDhaF3AFhsEY= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect571r1_PUB +------BEGIN PUBLIC KEY----- +-MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQH3dnL22NajtqDWTX6qD14w1BOlpHFBUPTr24VySlh +-kiiBlOF95u7hFr/hSb7gm/3f+IVKyE18Sh2kR4KaxWcPWKY5xKTiqiICT7hCistuzNRt8gR+kNOT +-c1rETMV6ZruZinwzEWWWjwJf6612oy2HG3CX3B8Rm+a3sS0q6IzowEwqmDv6v9bMTFk8bsCv0Fk= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect571r1:BOB_cf_sect571r1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect571r1 +-PeerKey=BOB_cf_sect571r1_PUB +-SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827 +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect571r1 +-PeerKey=ALICE_cf_sect571r1_PUB +-SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827 +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect571r1 +-PeerKey=BOB_cf_sect571r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0 +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect571r1 +-PeerKey=ALICE_cf_sect571r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0 +- +-PublicKey=MALICE_cf_sect571r1_PUB +------BEGIN PUBLIC KEY----- +-MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHMtVWZAwgtd1zmgWN/9WC +-aNQcWRNUKesEHXqhJVkC5jYsSACodKsLYFNrWEYM0gwG8DQONZSn93G+38EM45tkaZsIRDt2HEM= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect571r1 +-PeerKey=MALICE_cf_sect571r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect571r1 +-PeerKey=MALICE_cf_sect571r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +diff -up openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt.remove-ec openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt +--- openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt.remove-ec 2021-06-30 10:51:23.258816802 +0200 ++++ openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt 2021-06-30 11:25:33.504721672 +0200 +@@ -1,3 +1,4 @@ ++ + # + # Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + # +@@ -55,151 +56,6 @@ Derive=BOB_cf_secp256k1 + PeerKey=ALICE_cf_secp256k1_PUB + SharedSecret=a4745cc4d19cabb9e5cb0abdd5c604cab2846a4638ad844ed9175f3cadda2da1 + +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBj1AIQMJ7jqYIKCvxYAS+qKMmKmH0to +-41k= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_prime192v2_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4Gj7Qqt +-2wx/jwFlKgvE4rnd50LspdMk +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_prime192v2 +-PeerKey=BOB_zero_prime192v2_PUB +-SharedSecret=b8f200a4b87064f2e8600685ca3e69b8e661a117aabc770b +- +-PrivateKey=ALICE_zero_prime192v3 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEHzAdAgEBBBh/maLQMSlea9BfLqGy5NPuK0YAH/cz +-GqI= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_prime192v3_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZEzb63e2 +-3MKatRLR9Y1M5JEdI9jwMocI +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_prime192v3 +-PeerKey=BOB_zero_prime192v3_PUB +-SharedSecret=b5de857d355bc5b9e270a4c290ea9728d764d8b243ff5d8d +- +-PrivateKey=ALICE_zero_prime239v1 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQQEJTAjAgEBBB5pYWzRYI+c6O7NXCt0H2kw8XRL3rhe +-4MrJT8j++CI= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_prime239v1_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-Ox02uwNNLFuvDRn5ip8TxvW0W22R7UzJa9Av6/nh +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_prime239v1 +-PeerKey=BOB_zero_prime239v1_PUB +-SharedSecret=6b6206408bd05d42daa2cd224c401a1230b44e184f17b82f385f22dac215 +- +-PrivateKey=ALICE_zero_prime239v2 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQUEJTAjAgEBBB5l8bB7Cpmr7vyx9FiOT2wEF3YOFbDG +-bmRr3Vi/xr4= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_prime239v2_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-IOg3VJGQ89d1GWg4Igxcj5xpDmJiP8tv+e4mxt5U +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_prime239v2 +-PeerKey=BOB_zero_prime239v2_PUB +-SharedSecret=772c2819c960c78f28f21f6542b7409294fad1f84567c44c4b7678dc0e42 +- +-PrivateKey=ALICE_zero_prime239v3 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQYEJTAjAgEBBB5HF5FABzUOTYMZg9UdZTx/oRERm/fU +-M/+otKzpLjA= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_prime239v3_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AsZ4u6r3qQI78EYBpiSgWjqNpoeShjr5piecMBWj +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_prime239v3 +-PeerKey=BOB_zero_prime239v3_PUB +-SharedSecret=56a71f5dd1611e8032c3e2d8224d86e5e8c2fc6480d74c0e282282decd43 +- +-PrivateKey=ALICE_zero_prime256v1 +------BEGIN PRIVATE KEY----- +-MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCDXhMb6aR4JR2+l2tmgYqP0r8S4jtym +-yH++awvF2nGhhg== +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_prime256v1_PUB +------BEGIN PUBLIC KEY----- +-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AABmSFx4Di+D1yQzvV2EoGu2VBwq8x2uhxcov4VqF0+T9A== +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_prime256v1 +-PeerKey=BOB_zero_prime256v1_PUB +-SharedSecret=c4f5607deb8501f1a4ba23fce4122a4343a17ada2c86a9c8e0d03d92d4a4c84c +- +-PrivateKey=ALICE_zero_secp384r1 +------BEGIN PRIVATE KEY----- +-ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDD6kgzKbg28zbQyVTdC0IdHbm0UCQt2Rdbi +-VVHJeYRSnNpFOiFLaOsGOmwoeZzj6jc= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_secp384r1_PUB +------BEGIN PUBLIC KEY----- +-MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAAAPPme8E9RpepjC6P5+WDdWToUyb45/SvSFdO0sIqq+Gu/kn8sRuUqsG+3 +-QriFDlIe +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_secp384r1 +-PeerKey=BOB_zero_secp384r1_PUB +-SharedSecret=b1cfeaeef51dfd487d3a8b2849f1592e04d63f2d2c88b310a6290ebfe5399f5ffe954eabd0619231393e56c35b242986 +- +-PrivateKey=ALICE_zero_secp521r1 +------BEGIN PRIVATE KEY----- +-MGACAQAwEAYHKoZIzj0CAQYFK4EEACMESTBHAgEBBEIAbddDLMUWbAsY7l3vbNDmntXuAUcDYPg5 +-w/cgUwSCIvrV9MBeSG8AWqT16riHmHlsn+XI5PAJM6eij3JDahnu9Mo= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_secp521r1_PUB +------BEGIN PUBLIC KEY----- +-MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0g7J/qa1d8ENJsobtEb0CymeZIsa +-1Qiq0GiJb+4/jmFLxjBU1Xcr8Bpl1BLgvKqOll0vXTMtfzn4RtRArgAfT4c= +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_secp521r1 +-PeerKey=BOB_zero_secp521r1_PUB +-SharedSecret=003fc3028f61db94b20c7cd177923b6e73f12f0ab067c9ce8866755e3c82abb39c9863cde74fa80b32520bd7dd0eb156c30c08911503b67b2661f1264d09bb231423 +- + Title=prime256v1 curve tests + + PrivateKey=ALICE_cf_prime256v1 diff --git a/0012-Disable-explicit-ec.patch b/0012-Disable-explicit-ec.patch new file mode 100644 index 0000000000000000000000000000000000000000..a1df0202299397db607ae208b693f0764b9e5f75 --- /dev/null +++ b/0012-Disable-explicit-ec.patch @@ -0,0 +1,80 @@ +diff -up openssl-3.0.1/crypto/ec/ec_lib.c.disable_explicit_ec openssl-3.0.1/crypto/ec/ec_lib.c +--- openssl-3.0.1/crypto/ec/ec_lib.c.disable_explicit_ec 2022-02-22 09:08:48.557823665 +0100 ++++ openssl-3.0.1/crypto/ec/ec_lib.c 2022-02-22 09:09:26.634133847 +0100 +@@ -1458,7 +1458,7 @@ static EC_GROUP *ec_group_explicit_to_na + goto err; + } + } else { +- ret_group = (EC_GROUP *)group; ++ goto err; + } + EC_GROUP_free(dup); + return ret_group; +diff -up openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.disable_explicit_ec openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c +--- openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.disable_explicit_ec 2022-02-22 13:04:16.850856612 +0100 ++++ openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c 2022-02-22 14:16:19.848369641 +0100 +@@ -936,11 +936,8 @@ int ec_validate(const void *keydata, int + if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) { + int flags = EC_KEY_get_flags(eck); + +- if ((flags & EC_FLAG_CHECK_NAMED_GROUP) != 0) +- ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck), +- (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx); +- else +- ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx); ++ ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck), ++ (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx); + } + + if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { +@@ -1217,6 +1214,10 @@ static int ec_gen_assign_group(EC_KEY *e + ERR_raise(ERR_LIB_PROV, PROV_R_NO_PARAMETERS_SET); + return 0; + } ++ if (EC_GROUP_get_curve_name(group) == NID_undef) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CURVE); ++ return 0; ++ } + return EC_KEY_set_group(ec, group) > 0; + } + +diff -up openssl-3.0.1/providers/common/securitycheck.c.disable_explicit_ec openssl-3.0.1/providers/common/securitycheck.c +--- openssl-3.0.1/providers/common/securitycheck.c.disable_explicit_ec 2022-02-25 11:44:19.554673396 +0100 ++++ openssl-3.0.1/providers/common/securitycheck.c 2022-02-25 12:16:38.168610089 +0100 +@@ -93,22 +93,22 @@ int ossl_rsa_check_key(OSSL_LIB_CTX *ctx + int ossl_ec_check_key(OSSL_LIB_CTX *ctx, const EC_KEY *ec, int protect) + { + # if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) +- if (ossl_securitycheck_enabled(ctx)) { +- int nid, strength; +- const char *curve_name; +- const EC_GROUP *group = EC_KEY_get0_group(ec); ++ int nid, strength; ++ const char *curve_name; ++ const EC_GROUP *group = EC_KEY_get0_group(ec); + +- if (group == NULL) { +- ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, "No group"); +- return 0; +- } +- nid = EC_GROUP_get_curve_name(group); +- if (nid == NID_undef) { +- ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, +- "Explicit curves are not allowed in fips mode"); +- return 0; +- } ++ if (group == NULL) { ++ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, "No group"); ++ return 0; ++ } ++ nid = EC_GROUP_get_curve_name(group); ++ if (nid == NID_undef) { ++ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, ++ "Explicit curves are not allowed in this build"); ++ return 0; ++ } + ++ if (ossl_securitycheck_enabled(ctx)) { + curve_name = EC_curve_nid2nist(nid); + if (curve_name == NULL) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, diff --git a/0024-load-legacy-prov.patch b/0024-load-legacy-prov.patch new file mode 100644 index 0000000000000000000000000000000000000000..c7d2958edb64c3177daba2758e2413d9cbbdddfa --- /dev/null +++ b/0024-load-legacy-prov.patch @@ -0,0 +1,75 @@ +diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.cnf +--- openssl-3.0.0/apps/openssl.cnf.legacy-prov 2021-09-09 12:06:40.895793297 +0200 ++++ openssl-3.0.0/apps/openssl.cnf 2021-09-09 12:12:33.947482500 +0200 +@@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1 + tsa_policy2 = 1.2.3.4.5.6 + tsa_policy3 = 1.2.3.4.5.7 + +-# For FIPS +-# Optionally include a file that is generated by the OpenSSL fipsinstall +-# application. This file contains configuration data required by the OpenSSL +-# fips provider. It contains a named section e.g. [fips_sect] which is +-# referenced from the [provider_sect] below. +-# Refer to the OpenSSL security policy for more information. +-# .include fipsmodule.cnf +- + [openssl_init] + providers = provider_sect + # Load default TLS policy configuration + ssl_conf = ssl_module + +-# List of providers to load +-[provider_sect] +-default = default_sect +-# The fips section name should match the section name inside the +-# included fipsmodule.cnf. +-# fips = fips_sect ++# Uncomment the sections that start with ## below to enable the legacy provider. ++# Loading the legacy provider enables support for the following algorithms: ++# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160 ++# Symmetric Ciphers: Blowfish, CAST, DES, IDEA, RC2, RC4,RC5, SEED ++# Key Derivation Function (KDF): PBKDF1 ++# In general it is not recommended to use the above mentioned algorithms for ++# security critical operations, as they are cryptographically weak or vulnerable ++# to side-channel attacks and as such have been deprecated. + +-# If no providers are activated explicitly, the default one is activated implicitly. +-# See man 7 OSSL_PROVIDER-default for more details. +-# +-# If you add a section explicitly activating any other provider(s), you most +-# probably need to explicitly activate the default provider, otherwise it +-# becomes unavailable in openssl. As a consequence applications depending on +-# OpenSSL may not work correctly which could lead to significant system +-# problems including inability to remotely access the system. +-[default_sect] +-# activate = 1 ++[provider_sect] ++default = default_sect ++##legacy = legacy_sect ++## ++[default_sect] ++activate = 1 ++ ++##[legacy_sect] ++##activate = 1 + + [ ssl_module ] + +diff -up openssl-3.0.0/doc/man5/config.pod.legacy-prov openssl-3.0.0/doc/man5/config.pod +--- openssl-3.0.0/doc/man5/config.pod.legacy-prov 2021-09-09 12:09:38.079040853 +0200 ++++ openssl-3.0.0/doc/man5/config.pod 2021-09-09 12:11:56.646224876 +0200 +@@ -273,6 +273,14 @@ significant. + All parameters in the section as well as sub-sections are made + available to the provider. + ++=head3 Loading the legacy provider ++ ++Uncomment the sections that start with ## in openssl.cnf ++to enable the legacy provider. ++Note: In general it is not recommended to use the above mentioned algorithms for ++security critical operations, as they are cryptographically weak or vulnerable ++to side-channel attacks and as such have been deprecated. ++ + =head3 Default provider and its activation + + If no providers are activated explicitly, the default one is activated implicitly. diff --git a/0025-for-tests.patch b/0025-for-tests.patch new file mode 100644 index 0000000000000000000000000000000000000000..aef200bdd7835c0ca850f9d70793ef105f14e91c --- /dev/null +++ b/0025-for-tests.patch @@ -0,0 +1,18 @@ +diff -up openssl-3.0.0/apps/openssl.cnf.xxx openssl-3.0.0/apps/openssl.cnf +--- openssl-3.0.0/apps/openssl.cnf.xxx 2021-11-23 16:29:50.618691603 +0100 ++++ openssl-3.0.0/apps/openssl.cnf 2021-11-23 16:28:16.872882099 +0100 +@@ -55,11 +55,11 @@ providers = provider_sect + # to side-channel attacks and as such have been deprecated. + + [provider_sect] +-default = default_sect ++##default = default_sect + ##legacy = legacy_sect + ## +-[default_sect] +-activate = 1 ++##[default_sect] ++##activate = 1 + + ##[legacy_sect] + ##activate = 1 diff --git a/0031-tmp-Fix-test-names.patch b/0031-tmp-Fix-test-names.patch new file mode 100644 index 0000000000000000000000000000000000000000..5c22f242e11454a01e800d2c85029b92938d6764 --- /dev/null +++ b/0031-tmp-Fix-test-names.patch @@ -0,0 +1,40 @@ +diff -up openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit openssl-3.0.0/test/recipes/90-test_sslapi.t +--- openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit 2021-09-22 11:56:49.452507975 +0200 ++++ openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-09-22 11:57:19.371764742 +0200 +@@ -40,7 +40,7 @@ unless ($no_fips) { + srctop_file("test", "recipes", "90-test_sslapi_data", + "passwd.txt"), $tmpfilename, "fips", + srctop_file("test", "fips-and-base.cnf")])), +- "running sslapitest"); ++ "running sslapitest - FIPS"); + } + + unlink $tmpfilename; +diff --git a/test/sslapitest.c b/test/sslapitest.c +index e95d2657f46c..7af0eab3fce0 100644 +--- a/test/sslapitest.c ++++ b/test/sslapitest.c +@@ -1158,6 +1158,11 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls, + goto end; + } + ++ if (is_fips && strstr(cipher, "CHACHA") != NULL) { ++ testresult = TEST_skip("CHACHA is not supported in FIPS"); ++ goto end; ++ } ++ + /* Create a session based on SHA-256 */ + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), +@@ -1292,6 +1297,11 @@ static int execute_test_ktls_sendfile(int tls_version, const char *cipher) + goto end; + } + ++ if (is_fips && strstr(cipher, "CHACHA") != NULL) { ++ testresult = TEST_skip("CHACHA is not supported in FIPS"); ++ goto end; ++ } ++ + /* Create a session based on SHA-256 */ + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), diff --git a/0032-Force-fips.patch b/0032-Force-fips.patch new file mode 100644 index 0000000000000000000000000000000000000000..9f83fcd9cc37192c80b46466252d4865d3425039 --- /dev/null +++ b/0032-Force-fips.patch @@ -0,0 +1,161 @@ +#Note: provider_conf_activate() is introduced in downstream only. It is a rewrite +#(partial) of the function provider_conf_load() under the 'if (activate) section. +#If there is any change to this section, after deleting it in provider_conf_load() +#ensure that you also add those changes to the provider_conf_activate() function. +#additionally please add this check for cnf explicitly as shown below. +#'ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;' +diff -up openssl-3.0.1/crypto/provider_conf.c.fips-FORCE openssl-3.0.1/crypto/provider_conf.c +--- openssl-3.0.1/crypto/provider_conf.c.fips-FORCE 2022-01-18 15:36:00.956141345 +0100 ++++ openssl-3.0.1/crypto/provider_conf.c 2022-01-18 15:42:36.345172203 +0100 +@@ -136,58 +136,18 @@ static int prov_already_activated(const + return 0; + } + +-static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, +- const char *value, const CONF *cnf) ++static int provider_conf_activate(OSSL_LIB_CTX *libctx,const char *name, ++ const char *value, const char *path, ++ int soft, const CONF *cnf) + { +- int i; +- STACK_OF(CONF_VALUE) *ecmds; +- int soft = 0; +- OSSL_PROVIDER *prov = NULL, *actual = NULL; +- const char *path = NULL; +- long activate = 0; + int ok = 0; +- +- name = skip_dot(name); +- OSSL_TRACE1(CONF, "Configuring provider %s\n", name); +- /* Value is a section containing PROVIDER commands */ +- ecmds = NCONF_get_section(cnf, value); +- +- if (!ecmds) { +- ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR, +- "section=%s not found", value); +- return 0; +- } +- +- /* Find the needed data first */ +- for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) { +- CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i); +- const char *confname = skip_dot(ecmd->name); +- const char *confvalue = ecmd->value; +- +- OSSL_TRACE2(CONF, "Provider command: %s = %s\n", +- confname, confvalue); +- +- /* First handle some special pseudo confs */ +- +- /* Override provider name to use */ +- if (strcmp(confname, "identity") == 0) +- name = confvalue; +- else if (strcmp(confname, "soft_load") == 0) +- soft = 1; +- /* Load a dynamic PROVIDER */ +- else if (strcmp(confname, "module") == 0) +- path = confvalue; +- else if (strcmp(confname, "activate") == 0) +- activate = 1; +- } +- +- if (activate) { +- PROVIDER_CONF_GLOBAL *pcgbl +- = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, +- &provider_conf_ossl_ctx_method); ++ OSSL_PROVIDER *prov = NULL, *actual = NULL; ++ PROVIDER_CONF_GLOBAL *pcgbl ++ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, ++ &provider_conf_ossl_ctx_method); + + if (pcgbl == NULL || !CRYPTO_THREAD_write_lock(pcgbl->lock)) { +- ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); ++ ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); + return 0; + } + if (!prov_already_activated(name, pcgbl->activated_providers)) { +@@ -216,7 +176,7 @@ static int provider_conf_load(OSSL_LIB_C + if (path != NULL) + ossl_provider_set_module_path(prov, path); + +- ok = provider_conf_params(prov, NULL, NULL, value, cnf); ++ ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1; + + if (ok) { + if (!ossl_provider_activate(prov, 1, 0)) { +@@ -246,6 +206,55 @@ static int provider_conf_load(OSSL_LIB_C + ossl_provider_free(prov); + } + CRYPTO_THREAD_unlock(pcgbl->lock); ++ return ok; ++} ++ ++static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, ++ const char *value, const CONF *cnf) ++{ ++ int i; ++ STACK_OF(CONF_VALUE) *ecmds; ++ int soft = 0; ++ const char *path = NULL; ++ long activate = 0; ++ int ok = 0; ++ ++ name = skip_dot(name); ++ OSSL_TRACE1(CONF, "Configuring provider %s\n", name); ++ /* Value is a section containing PROVIDER commands */ ++ ecmds = NCONF_get_section(cnf, value); ++ ++ if (!ecmds) { ++ ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR, ++ "section=%s not found", value); ++ return 0; ++ } ++ ++ /* Find the needed data first */ ++ for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) { ++ CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i); ++ const char *confname = skip_dot(ecmd->name); ++ const char *confvalue = ecmd->value; ++ ++ OSSL_TRACE2(CONF, "Provider command: %s = %s\n", ++ confname, confvalue); ++ ++ /* First handle some special pseudo confs */ ++ ++ /* Override provider name to use */ ++ if (strcmp(confname, "identity") == 0) ++ name = confvalue; ++ else if (strcmp(confname, "soft_load") == 0) ++ soft = 1; ++ /* Load a dynamic PROVIDER */ ++ else if (strcmp(confname, "module") == 0) ++ path = confvalue; ++ else if (strcmp(confname, "activate") == 0) ++ activate = 1; ++ } ++ ++ if (activate) { ++ ok = provider_conf_activate(libctx, name, value, path, soft, cnf); + } else { + OSSL_PROVIDER_INFO entry; + +@@ -306,6 +315,19 @@ static int provider_conf_init(CONF_IMODU + return 0; + } + ++ if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */ ++ OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf); ++ PROVIDER_CONF_GLOBAL *pcgbl ++ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, ++ &provider_conf_ossl_ctx_method); ++ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1) ++ return 0; ++ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1) ++ return 0; ++ if (EVP_default_properties_enable_fips(libctx, 1) != 1) ++ return 0; ++ } ++ + return 1; + } + diff --git a/0033-FIPS-embed-hmac.patch b/0033-FIPS-embed-hmac.patch new file mode 100644 index 0000000000000000000000000000000000000000..c7880724dbc5a3d342e548379cf8a979ce85f01e --- /dev/null +++ b/0033-FIPS-embed-hmac.patch @@ -0,0 +1,223 @@ +diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/providers/fips/self_test.c +--- openssl-3.0.0/providers/fips/self_test.c.embed-hmac 2021-11-16 13:57:05.127171056 +0100 ++++ openssl-3.0.0/providers/fips/self_test.c 2021-11-16 14:07:21.963412455 +0100 +@@ -171,11 +171,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void) + } + #endif + ++#define HMAC_LEN 32 ++/* ++ * The __attribute__ ensures we've created the .rodata1 section ++ * static ensures it's zero filled ++*/ ++static const unsigned char __attribute__ ((section (".rodata1"))) fips_hmac_container[HMAC_LEN] = {0}; ++ + /* + * Calculate the HMAC SHA256 of data read using a BIO and read_cb, and verify + * the result matches the expected value. + * Return 1 if verified, or 0 if it fails. + */ ++#ifndef __USE_GNU ++#define __USE_GNU ++#include ++#undef __USE_GNU ++#else ++#include ++#endif ++#include ++ + static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb, + unsigned char *expected, size_t expected_len, + OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, +@@ -183,14 +199,26 @@ static int verify_integrity(OSSL_CORE_BI + { + int ret = 0, status; + unsigned char out[MAX_MD_SIZE]; +- unsigned char buf[INTEGRITY_BUF_SIZE]; ++ unsigned char buf[INTEGRITY_BUF_SIZE+HMAC_LEN]; + size_t bytes_read = 0, out_len = 0; + EVP_MAC *mac = NULL; + EVP_MAC_CTX *ctx = NULL; + OSSL_PARAM params[2], *p = params; ++ Dl_info info; ++ void *extra_info = NULL; ++ struct link_map *lm = NULL; ++ unsigned long paddr; ++ unsigned long off = 0; ++ int have_rest = 0; + + OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC); + ++ if (!dladdr1 ((const void *)fips_hmac_container, ++ &info, &extra_info, RTLD_DL_LINKMAP)) ++ goto err; ++ lm = extra_info; ++ paddr = (unsigned long)fips_hmac_container - lm->l_addr; ++ + mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); + if (mac == NULL) + goto err; +@@ -204,12 +233,53 @@ static int verify_integrity(OSSL_CORE_BI + if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params)) + goto err; + ++ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read); ++ if (status != 1 || bytes_read != HMAC_LEN) ++ goto err; ++ off += HMAC_LEN; ++ + while (1) { +- status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read); +- if (status != 1) ++ status = read_ex_cb(bio, buf+HMAC_LEN, INTEGRITY_BUF_SIZE, &bytes_read); ++ if (status != 1) { ++ have_rest = 1; ++ break; ++ } ++ ++ if (bytes_read == INTEGRITY_BUF_SIZE) { /* Full block */ ++ /* Logic: ++ * We have HMAC_LEN (read before) + INTEGRITY_BUF_SIZE (read now) in buffer ++ * We calculate HMAC from first INTEGRITY_BUF_SIZE bytes ++ * and move last HMAC_LEN bytes to the beginning of the buffer ++ * ++ * If we have read (a part of) buffer fips_hmac_container ++ * we should replace it with zeros. ++ * If it is inside our current buffer, we will update now. ++ * If it intersects the upper bound, we will clean up on the next step. ++ */ ++ if (off - HMAC_LEN <= paddr && paddr <= off + bytes_read) ++ memset (buf + HMAC_LEN + paddr - off, 0, HMAC_LEN); ++ off += bytes_read; ++ ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; ++ memcpy (buf, buf+INTEGRITY_BUF_SIZE, HMAC_LEN); ++ } else { /* Final block */ ++ /* Logic is basically the same as in previous branch ++ * but we calculate HMAC from HMAC_LEN (rest of previous step) ++ * and bytes_read read on this step ++ * */ ++ if (off - HMAC_LEN <= paddr && paddr <= off + bytes_read) ++ memset (buf + HMAC_LEN + paddr - off, 0, HMAC_LEN); ++ if (!EVP_MAC_update(ctx, buf, bytes_read+HMAC_LEN)) ++ goto err; ++ off += bytes_read; + break; +- if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ } ++ } ++ if (have_rest) { ++ if (!EVP_MAC_update(ctx, buf, HMAC_LEN)) + goto err; ++ off += HMAC_LEN; + } + if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out))) + goto err; +@@ -284,8 +358,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS + CRYPTO_THREAD_unlock(fips_state_lock); + } + +- if (st == NULL +- || st->module_checksum_data == NULL) { ++ if (st == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA); + goto end; + } +@@ -294,8 +367,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS + if (ev == NULL) + goto end; + +- module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data, +- &checksum_len); ++ module_checksum = fips_hmac_container; ++ checksum_len = sizeof(fips_hmac_container); ++ + if (module_checksum == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); + goto end; +@@ -357,7 +431,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS + ok = 1; + end: + OSSL_SELF_TEST_free(ev); +- OPENSSL_free(module_checksum); + OPENSSL_free(indicator_checksum); + + if (st != NULL) { +diff -ruN openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t openssl-3.0.0-xxx/test/recipes/00-prep_fipsmodule_cnf.t +--- openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t 2021-09-07 13:46:32.000000000 +0200 ++++ openssl-3.0.0-xxx/test/recipes/00-prep_fipsmodule_cnf.t 2021-11-18 09:39:53.386817874 +0100 +@@ -20,7 +20,7 @@ + use lib bldtop_dir('.'); + use platform; + +-my $no_check = disabled("fips"); ++my $no_check = 1; + plan skip_all => "FIPS module config file only supported in a fips build" + if $no_check; + +diff -ruN openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t openssl-3.0.0-xxx/test/recipes/01-test_fipsmodule_cnf.t +--- openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t 2021-09-07 13:46:32.000000000 +0200 ++++ openssl-3.0.0-xxx/test/recipes/01-test_fipsmodule_cnf.t 2021-11-18 09:59:02.315619486 +0100 +@@ -23,7 +23,7 @@ + use lib bldtop_dir('.'); + use platform; + +-my $no_check = disabled("fips"); ++my $no_check = 1; + plan skip_all => "Test only supported in a fips build" + if $no_check; + plan tests => 1; +diff -ruN openssl-3.0.0/test/recipes/03-test_fipsinstall.t openssl-3.0.0-xxx/test/recipes/03-test_fipsinstall.t +--- openssl-3.0.0/test/recipes/03-test_fipsinstall.t 2021-09-07 13:46:32.000000000 +0200 ++++ openssl-3.0.0-xxx/test/recipes/03-test_fipsinstall.t 2021-11-18 09:59:55.365072074 +0100 +@@ -22,7 +22,7 @@ + use lib bldtop_dir('.'); + use platform; + +-plan skip_all => "Test only supported in a fips build" if disabled("fips"); ++plan skip_all => "Test only supported in a fips build" if 1; + + plan tests => 29; + +diff -ruN openssl-3.0.0/test/recipes/30-test_defltfips.t openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t +--- openssl-3.0.0/test/recipes/30-test_defltfips.t 2021-09-07 13:46:32.000000000 +0200 ++++ openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t 2021-11-18 10:22:54.179659682 +0100 +@@ -21,7 +21,7 @@ + use lib srctop_dir('Configurations'); + use lib bldtop_dir('.'); + +-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); ++my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); + + plan tests => + ($no_fips ? 1 : 5); +diff -ruN openssl-3.0.0/test/recipes/80-test_ssl_new.t openssl-3.0.0-xxx/test/recipes/80-test_ssl_new.t +--- openssl-3.0.0/test/recipes/80-test_ssl_new.t 2021-09-07 13:46:32.000000000 +0200 ++++ openssl-3.0.0-xxx/test/recipes/80-test_ssl_new.t 2021-11-18 10:18:53.391721164 +0100 +@@ -23,7 +23,7 @@ + use lib srctop_dir('Configurations'); + use lib bldtop_dir('.'); + +-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); ++my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); + + $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs"); + +diff -ruN openssl-3.0.0/test/recipes/90-test_sslapi.t openssl-3.0.0-xxx/test/recipes/90-test_sslapi.t +--- openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-11-18 10:32:17.734196705 +0100 ++++ openssl-3.0.0-xxx/test/recipes/90-test_sslapi.t 2021-11-18 10:18:30.695538445 +0100 +@@ -18,7 +18,7 @@ + use lib srctop_dir('Configurations'); + use lib bldtop_dir('.'); + +-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); ++my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); + + plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" + if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); +--- /dev/null 2021-11-16 15:27:32.915000000 +0100 ++++ openssl-3.0.0/test/fipsmodule.cnf 2021-11-18 11:15:34.538060408 +0100 +@@ -0,0 +1,2 @@ ++[fips_sect] ++activate = 1 diff --git a/0034.fipsinstall_disable.patch b/0034.fipsinstall_disable.patch new file mode 100644 index 0000000000000000000000000000000000000000..c4f9efd99d83dbdcdaf62f64737841a801e1f992 --- /dev/null +++ b/0034.fipsinstall_disable.patch @@ -0,0 +1,406 @@ +diff -up openssl-3.0.0/apps/fipsinstall.c.xxx openssl-3.0.0/apps/fipsinstall.c +--- openssl-3.0.0/apps/fipsinstall.c.xxx 2021-11-22 13:09:28.232560235 +0100 ++++ openssl-3.0.0/apps/fipsinstall.c 2021-11-22 13:12:22.272058910 +0100 +@@ -311,6 +311,9 @@ int fipsinstall_main(int argc, char **ar + EVP_MAC *mac = NULL; + CONF *conf = NULL; + ++ BIO_printf(bio_err, "This command is not enabled in the Red Hat Enterprise Linux OpenSSL build, please consult Red Hat documentation to learn how to enable FIPS mode\n"); ++ return 1; ++ + if ((opts = sk_OPENSSL_STRING_new_null()) == NULL) + goto end; + +diff -up openssl-3.0.0/doc/man1/openssl.pod.xxx openssl-3.0.0/doc/man1/openssl.pod +--- openssl-3.0.0/doc/man1/openssl.pod.xxx 2021-11-22 13:18:51.081406990 +0100 ++++ openssl-3.0.0/doc/man1/openssl.pod 2021-11-22 13:19:02.897508738 +0100 +@@ -158,10 +158,6 @@ Engine (loadable module) information and + + Error Number to Error String Conversion. + +-=item B +- +-FIPS configuration installation. +- + =item B + + Generation of DSA Private Key from Parameters. Superseded by +diff -up openssl-3.0.0/doc/man5/config.pod.xxx openssl-3.0.0/doc/man5/config.pod +--- openssl-3.0.0/doc/man5/config.pod.xxx 2021-11-22 13:24:51.359509501 +0100 ++++ openssl-3.0.0/doc/man5/config.pod 2021-11-22 13:26:02.360121820 +0100 +@@ -573,7 +573,6 @@ configuration files using that syntax wi + =head1 SEE ALSO + + L, L, L, +-L, + L, + L, + L, +diff -up openssl-3.0.0/doc/man5/fips_config.pod.xxx openssl-3.0.0/doc/man5/fips_config.pod +--- openssl-3.0.0/doc/man5/fips_config.pod.xxx 2021-11-22 13:21:13.812636065 +0100 ++++ openssl-3.0.0/doc/man5/fips_config.pod 2021-11-22 13:24:12.278172847 +0100 +@@ -6,106 +6,10 @@ fips_config - OpenSSL FIPS configuration + + =head1 DESCRIPTION + +-A separate configuration file, using the OpenSSL L syntax, +-is used to hold information about the FIPS module. This includes a digest +-of the shared library file, and status about the self-testing. +-This data is used automatically by the module itself for two +-purposes: +- +-=over 4 +- +-=item - Run the startup FIPS self-test known answer tests (KATS). +- +-This is normally done once, at installation time, but may also be set up to +-run each time the module is used. +- +-=item - Verify the module's checksum. +- +-This is done each time the module is used. +- +-=back +- +-This file is generated by the L program, and +-used internally by the FIPS module during its initialization. +- +-The following options are supported. They should all appear in a section +-whose name is identified by the B option in the B +-section, as described in L. +- +-=over 4 +- +-=item B +- +-If present, the module is activated. The value assigned to this name is not +-significant. +- +-=item B +- +-A version number for the fips install process. Should be 1. +- +-=item B +- +-The FIPS module normally enters an internal error mode if any self test fails. +-Once this error mode is active, no services or cryptographic algorithms are +-accessible from this point on. +-Continuous tests are a subset of the self tests (e.g., a key pair test during key +-generation, or the CRNG output test). +-Setting this value to C<0> allows the error mode to not be triggered if any +-continuous test fails. The default value of C<1> will trigger the error mode. +-Regardless of the value, the operation (e.g., key generation) that called the +-continuous test will return an error code if its continuous test fails. The +-operation may then be retried if the error mode has not been triggered. +- +-=item B +- +-This indicates if run-time checks related to enforcement of security parameters +-such as minimum security strength of keys and approved curve names are used. +-A value of '1' will perform the checks, otherwise if the value is '0' the checks +-are not performed and FIPS compliance must be done by procedures documented in +-the relevant Security Policy. +- +-=item B +- +-The calculated MAC of the FIPS provider file. +- +-=item B +- +-An indicator that the self-tests were successfully run. +-This should only be written after the module has +-successfully passed its self tests during installation. +-If this field is not present, then the self tests will run when the module +-loads. +- +-=item B +- +-A MAC of the value of the B option, to prevent accidental +-changes to that value. +-It is written-to at the same time as B is updated. +- +-=back +- +-For example: +- +- [fips_sect] +- activate = 1 +- install-version = 1 +- conditional-errors = 1 +- security-checks = 1 +- module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC +- install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C +- install-status = INSTALL_SELF_TEST_KATS_RUN +- +-=head1 NOTES +- +-When using the FIPS provider, it is recommended that the +-B option is enabled to prevent accidental use of +-non-FIPS validated algorithms via broken or mistaken configuration. +-See L. +- +-=head1 SEE ALSO +- +-L +-L ++This command is disabled in Red Hat Enterprise Linux. The FIPS provider is ++automatically loaded when the system is booted in FIPS mode, or when the ++environment variable B is set. See the documentation ++for more information. + + =head1 COPYRIGHT + +diff -up openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod +--- openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx 2021-11-22 13:18:13.850086386 +0100 ++++ openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod 2021-11-22 13:18:24.607179038 +0100 +@@ -388,7 +388,6 @@ A simple self test callback is shown bel + + =head1 SEE ALSO + +-L, + L, + L, + L, +diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in +--- openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac 2022-01-11 13:26:33.279906225 +0100 ++++ openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in 2022-01-11 13:33:18.757994419 +0100 +@@ -8,236 +8,11 @@ openssl-fipsinstall - perform FIPS confi + =head1 SYNOPSIS + + B +-[B<-help>] +-[B<-in> I] +-[B<-out> I] +-[B<-module> I] +-[B<-provider_name> I] +-[B<-section_name> I] +-[B<-verify>] +-[B<-mac_name> I] +-[B<-macopt> I:I] +-[B<-noout>] +-[B<-quiet>] +-[B<-no_conditional_errors>] +-[B<-no_security_checks>] +-[B<-self_test_onload>] +-[B<-corrupt_desc> I] +-[B<-corrupt_type> I] +-[B<-config> I] + + =head1 DESCRIPTION +- +-This command is used to generate a FIPS module configuration file. +-This configuration file can be used each time a FIPS module is loaded +-in order to pass data to the FIPS module self tests. The FIPS module always +-verifies its MAC, but optionally only needs to run the KAT's once, +-at installation. +- +-The generated configuration file consists of: +- +-=over 4 +- +-=item - A MAC of the FIPS module file. +- +-=item - A test status indicator. +- +-This indicates if the Known Answer Self Tests (KAT's) have successfully run. +- +-=item - A MAC of the status indicator. +- +-=item - A control for conditional self tests errors. +- +-By default if a continuous test (e.g a key pair test) fails then the FIPS module +-will enter an error state, and no services or cryptographic algorithms will be +-able to be accessed after this point. +-The default value of '1' will cause the fips module error state to be entered. +-If the value is '0' then the module error state will not be entered. +-Regardless of whether the error state is entered or not, the current operation +-(e.g. key generation) will return an error. The user is responsible for retrying +-the operation if the module error state is not entered. +- +-=item - A control to indicate whether run-time security checks are done. +- +-This indicates if run-time checks related to enforcement of security parameters +-such as minimum security strength of keys and approved curve names are used. +-The default value of '1' will perform the checks. +-If the value is '0' the checks are not performed and FIPS compliance must +-be done by procedures documented in the relevant Security Policy. +- +-=back +- +-This file is described in L. +- +-=head1 OPTIONS +- +-=over 4 +- +-=item B<-help> +- +-Print a usage message. +- +-=item B<-module> I +- +-Filename of the FIPS module to perform an integrity check on. +-The path provided in the filename is used to load the module when it is +-activated, and this overrides the environment variable B. +- +-=item B<-out> I +- +-Filename to output the configuration data to; the default is standard output. +- +-=item B<-in> I +- +-Input filename to load configuration data from. +-Must be used if the B<-verify> option is specified. +- +-=item B<-verify> +- +-Verify that the input configuration file contains the correct information. +- +-=item B<-provider_name> I +- +-Name of the provider inside the configuration file. +-The default value is C. +- +-=item B<-section_name> I +- +-Name of the section inside the configuration file. +-The default value is C. +- +-=item B<-mac_name> I +- +-Specifies the name of a supported MAC algorithm which will be used. +-The MAC mechanisms that are available will depend on the options +-used when building OpenSSL. +-To see the list of supported MAC's use the command +-C. The default is B. +- +-=item B<-macopt> I:I +- +-Passes options to the MAC algorithm. +-A comprehensive list of controls can be found in the EVP_MAC implementation +-documentation. +-Common control strings used for this command are: +- +-=over 4 +- +-=item B:I +- +-Specifies the MAC key as an alphanumeric string (use if the key contains +-printable characters only). +-The string length must conform to any restrictions of the MAC algorithm. +-A key must be specified for every MAC algorithm. +-If no key is provided, the default that was specified when OpenSSL was +-configured is used. +- +-=item B:I +- +-Specifies the MAC key in hexadecimal form (two hex digits per byte). +-The key length must conform to any restrictions of the MAC algorithm. +-A key must be specified for every MAC algorithm. +-If no key is provided, the default that was specified when OpenSSL was +-configured is used. +- +-=item B:I +- +-Used by HMAC as an alphanumeric string (use if the key contains printable +-characters only). +-The string length must conform to any restrictions of the MAC algorithm. +-To see the list of supported digests, use the command +-C. +-The default digest is SHA-256. +- +-=back +- +-=item B<-noout> +- +-Disable logging of the self tests. +- +-=item B<-no_conditional_errors> +- +-Configure the module to not enter an error state if a conditional self test +-fails as described above. +- +-=item B<-no_security_checks> +- +-Configure the module to not perform run-time security checks as described above. +- +-=item B<-self_test_onload> +- +-Do not write the two fields related to the "test status indicator" and +-"MAC status indicator" to the output configuration file. Without these fields +-the self tests KATS will run each time the module is loaded. This option could be +-used for cross compiling, since the self tests need to run at least once on each +-target machine. Once the self tests have run on the target machine the user +-could possibly then add the 2 fields into the configuration using some other +-mechanism. +- +-=item B<-quiet> +- +-Do not output pass/fail messages. Implies B<-noout>. +- +-=item B<-corrupt_desc> I, +-B<-corrupt_type> I +- +-The corrupt options can be used to test failure of one or more self tests by +-name. +-Either option or both may be used to select the tests to corrupt. +-Refer to the entries for B and B in L for +-values that can be used. +- +-=item B<-config> I +- +-Test that a FIPS provider can be loaded from the specified configuration file. +-A previous call to this application needs to generate the extra configuration +-data that is included by the base C configuration file. +-See L for further information on how to set up a provider section. +-All other options are ignored if '-config' is used. +- +-=back +- +-=head1 NOTES +- +-Self tests results are logged by default if the options B<-quiet> and B<-noout> +-are not specified, or if either of the options B<-corrupt_desc> or +-B<-corrupt_type> are used. +-If the base configuration file is set up to autoload the fips module, then the +-fips module will be loaded and self tested BEFORE the fipsinstall application +-has a chance to set up its own self test callback. As a result of this the self +-test output and the options B<-corrupt_desc> and B<-corrupt_type> will be ignored. +-For normal usage the base configuration file should use the default provider +-when generating the fips configuration file. +- +-=head1 EXAMPLES +- +-Calculate the mac of a FIPS module F and run a FIPS self test +-for the module, and save the F configuration file: +- +- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips +- +-Verify that the configuration file F contains the correct info: +- +- openssl fipsinstall -module ./fips.so -in fips.cnf -provider_name fips -verify +- +-Corrupt any self tests which have the description C: +- +- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \ +- -corrupt_desc 'SHA1' +- +-Validate that the fips module can be loaded from a base configuration file: +- +- export OPENSSL_CONF_INCLUDE= +- export OPENSSL_MODULES= +- openssl fipsinstall -config' 'default.cnf' +- +- +-=head1 SEE ALSO +- +-L, +-L, +-L, +-L ++This command is disabled. ++Please consult Red Hat Enterprise Linux documentation to learn how to correctly ++enable FIPS mode on Red Hat Enterprise + + =head1 COPYRIGHT + diff --git a/0035-speed-skip-unavailable-dgst.patch b/0035-speed-skip-unavailable-dgst.patch new file mode 100644 index 0000000000000000000000000000000000000000..6d948dd21bea047ea8912b71d456e2f3c6ed7588 --- /dev/null +++ b/0035-speed-skip-unavailable-dgst.patch @@ -0,0 +1,26 @@ +diff -up openssl-3.0.0/apps/speed.c.beldmit openssl-3.0.0/apps/speed.c +--- openssl-3.0.0/apps/speed.c.beldmit 2021-12-21 15:14:04.210431584 +0100 ++++ openssl-3.0.0/apps/speed.c 2021-12-21 15:46:05.554085125 +0100 +@@ -547,6 +547,9 @@ static int EVP_MAC_loop(int algindex, vo + for (count = 0; COND(c[algindex][testnum]); count++) { + size_t outl; + ++ if (mctx == NULL) ++ return -1; ++ + if (!EVP_MAC_init(mctx, NULL, 0, NULL) + || !EVP_MAC_update(mctx, buf, lengths[testnum]) + || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac))) +@@ -1922,8 +1925,10 @@ int speed_main(int argc, char **argv) + if (loopargs[i].mctx == NULL) + goto end; + +- if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) +- goto end; ++ if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) { ++ EVP_MAC_CTX_free(loopargs[i].mctx); ++ loopargs[i].mctx = NULL; ++ } + } + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum], diff --git a/0047-FIPS-early-KATS.patch b/0047-FIPS-early-KATS.patch new file mode 100644 index 0000000000000000000000000000000000000000..ef2d08153f23c28f01f12bd282279553dfb6b2d8 --- /dev/null +++ b/0047-FIPS-early-KATS.patch @@ -0,0 +1,39 @@ +diff -up openssl-3.0.1/providers/fips/self_test.c.earlykats openssl-3.0.1/providers/fips/self_test.c +--- openssl-3.0.1/providers/fips/self_test.c.earlykats 2022-01-19 13:10:00.635830783 +0100 ++++ openssl-3.0.1/providers/fips/self_test.c 2022-01-19 13:11:43.309342656 +0100 +@@ -362,6 +362,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS + if (ev == NULL) + goto end; + ++ /* ++ * Run the KAT's before HMAC verification according to FIPS-140-3 requirements ++ */ ++ if (kats_already_passed == 0) { ++ if (!SELF_TEST_kats(ev, st->libctx)) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE); ++ goto end; ++ } ++ } ++ + module_checksum = fips_hmac_container; + checksum_len = sizeof(fips_hmac_container); + +@@ -411,18 +421,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS + kats_already_passed = 1; + } + } +- +- /* +- * Only runs the KAT's during installation OR on_demand(). +- * NOTE: If the installation option 'self_test_onload' is chosen then this +- * path will always be run, since kats_already_passed will always be 0. +- */ +- if (on_demand_test || kats_already_passed == 0) { +- if (!SELF_TEST_kats(ev, st->libctx)) { +- ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE); +- goto end; +- } +- } + ok = 1; + end: + OSSL_SELF_TEST_free(ev); diff --git a/0048-correctly-handle-records.patch b/0048-correctly-handle-records.patch new file mode 100644 index 0000000000000000000000000000000000000000..ecbc09c9ba95791df9bc976c4b46329b2a61a890 --- /dev/null +++ b/0048-correctly-handle-records.patch @@ -0,0 +1,52 @@ +diff -up openssl-3.0.1/apps/s_server.c.handle-records openssl-3.0.1/apps/s_server.c +--- openssl-3.0.1/apps/s_server.c.handle-records 2022-02-03 15:26:16.803434943 +0100 ++++ openssl-3.0.1/apps/s_server.c 2022-02-03 15:34:33.358298697 +0100 +@@ -2982,7 +2982,9 @@ static int www_body(int s, int stype, in + /* Set width for a select call if needed */ + width = s + 1; + +- buf = app_malloc(bufsize, "server www buffer"); ++ /* as we use BIO_gets(), and it always null terminates data, we need ++ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */ ++ buf = app_malloc(bufsize + 1, "server www buffer"); + io = BIO_new(BIO_f_buffer()); + ssl_bio = BIO_new(BIO_f_ssl()); + if ((io == NULL) || (ssl_bio == NULL)) +@@ -3047,7 +3049,7 @@ static int www_body(int s, int stype, in + } + + for (;;) { +- i = BIO_gets(io, buf, bufsize - 1); ++ i = BIO_gets(io, buf, bufsize + 1); + if (i < 0) { /* error */ + if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) { + if (!s_quiet) +@@ -3112,7 +3114,7 @@ static int www_body(int s, int stype, in + * we're expecting to come from the client. If they haven't + * sent one there's not much we can do. + */ +- BIO_gets(io, buf, bufsize - 1); ++ BIO_gets(io, buf, bufsize + 1); + } + + BIO_puts(io, +@@ -3401,7 +3403,9 @@ static int rev_body(int s, int stype, in + SSL *con; + BIO *io, *ssl_bio, *sbio; + +- buf = app_malloc(bufsize, "server rev buffer"); ++ /* as we use BIO_gets(), and it always null terminates data, we need ++ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */ ++ buf = app_malloc(bufsize + 1, "server rev buffer"); + io = BIO_new(BIO_f_buffer()); + ssl_bio = BIO_new(BIO_f_ssl()); + if ((io == NULL) || (ssl_bio == NULL)) +@@ -3476,7 +3480,7 @@ static int rev_body(int s, int stype, in + print_ssl_summary(con); + + for (;;) { +- i = BIO_gets(io, buf, bufsize - 1); ++ i = BIO_gets(io, buf, bufsize + 1); + if (i < 0) { /* error */ + if (!BIO_should_retry(io)) { + if (!s_quiet) diff --git a/0050-FIPS-enable-pkcs12-mac.patch b/0050-FIPS-enable-pkcs12-mac.patch new file mode 100644 index 0000000000000000000000000000000000000000..1496bb275634a2779f9a90ddb6f218c24742364c --- /dev/null +++ b/0050-FIPS-enable-pkcs12-mac.patch @@ -0,0 +1,95 @@ +diff -up openssl-3.0.1/crypto/pkcs12/p12_key.c.pkc12_fips openssl-3.0.1/crypto/pkcs12/p12_key.c +--- openssl-3.0.1/crypto/pkcs12/p12_key.c.pkc12_fips 2022-02-21 12:35:24.829893907 +0100 ++++ openssl-3.0.1/crypto/pkcs12/p12_key.c 2022-02-21 13:01:22.711622967 +0100 +@@ -85,17 +85,41 @@ int PKCS12_key_gen_uni_ex(unsigned char + EVP_KDF *kdf; + EVP_KDF_CTX *ctx; + OSSL_PARAM params[6], *p = params; ++ char *adjusted_propq = NULL; + + if (n <= 0) + return 0; + +- kdf = EVP_KDF_fetch(libctx, "PKCS12KDF", propq); +- if (kdf == NULL) ++ if (ossl_get_kernel_fips_flag()) { ++ const char *nofips = "-fips"; ++ size_t len = propq ? strlen(propq) + 1 + strlen(nofips) + 1 : ++ strlen(nofips) + 1; ++ char *ptr = NULL; ++ ++ adjusted_propq = OPENSSL_zalloc(len); ++ if (adjusted_propq != NULL) { ++ ptr = adjusted_propq; ++ if (propq) { ++ memcpy(ptr, propq, strlen(propq)); ++ ptr += strlen(propq); ++ *ptr = ','; ++ ptr++; ++ } ++ memcpy(ptr, nofips, strlen(nofips)); ++ } ++ } ++ ++ kdf = adjusted_propq ? EVP_KDF_fetch(libctx, "PKCS12KDF", adjusted_propq) : EVP_KDF_fetch(libctx, "PKCS12KDF", propq); ++ if (kdf == NULL) { ++ OPENSSL_free(adjusted_propq); + return 0; ++ } + ctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); +- if (ctx == NULL) ++ if (ctx == NULL) { ++ OPENSSL_free(adjusted_propq); + return 0; ++ } + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + (char *)EVP_MD_get0_name(md_type), +@@ -127,6 +149,7 @@ int PKCS12_key_gen_uni_ex(unsigned char + } OSSL_TRACE_END(PKCS12_KEYGEN); + } + EVP_KDF_CTX_free(ctx); ++ OPENSSL_free(adjusted_propq); + return res; + } + +diff -up openssl-3.0.1/apps/pkcs12.c.pkc12_fips_apps openssl-3.0.1/apps/pkcs12.c +--- openssl-3.0.1/apps/pkcs12.c.pkc12_fips_apps 2022-02-21 16:37:07.908923682 +0100 ++++ openssl-3.0.1/apps/pkcs12.c 2022-02-21 17:38:44.555345633 +0100 +@@ -765,15 +765,34 @@ int pkcs12_main(int argc, char **argv) + } + if (macver) { + EVP_KDF *pkcs12kdf; ++ char *adjusted_propq = NULL; ++ const char *nofips = "-fips"; ++ size_t len = app_get0_propq() ? strlen(app_get0_propq()) + 1 + strlen(nofips) + 1 : ++ strlen(nofips) + 1; ++ char *ptr = NULL; ++ ++ adjusted_propq = OPENSSL_zalloc(len); ++ if (adjusted_propq != NULL) { ++ ptr = adjusted_propq; ++ if (app_get0_propq()) { ++ memcpy(ptr, app_get0_propq(), strlen(app_get0_propq())); ++ ptr += strlen(app_get0_propq()); ++ *ptr = ','; ++ ptr++; ++ } ++ memcpy(ptr, nofips, strlen(nofips)); ++ } + + pkcs12kdf = EVP_KDF_fetch(app_get0_libctx(), "PKCS12KDF", +- app_get0_propq()); ++ adjusted_propq ? adjusted_propq : app_get0_propq()); + if (pkcs12kdf == NULL) { + BIO_printf(bio_err, "Error verifying PKCS12 MAC; no PKCS12KDF support.\n"); + BIO_printf(bio_err, "Use -nomacver if MAC verification is not required.\n"); ++ OPENSSL_free(adjusted_propq); + goto end; + } + EVP_KDF_free(pkcs12kdf); ++ OPENSSL_free(adjusted_propq); + /* If we enter empty password try no password first */ + if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { + /* If mac and crypto pass the same set it to NULL too */ diff --git a/README.md b/README.md deleted file mode 100644 index 7342728d557c602f51c6d278bba9f3dd9faaf356..0000000000000000000000000000000000000000 --- a/README.md +++ /dev/null @@ -1,11 +0,0 @@ -Anolis OS -======================================= -# 代码仓库说明 -## 分支说明 ->进行代码开发工作时,请注意选择当前版本对应的分支 -* aX分支为对应大版本的主分支,如a8分支对应当前最新版本 -* aX.Y分支为对应小版本的维护分支,如a8.2分支对应8.2版本 -## 开发流程 -1. 首先fork目标分支到自己的namespace -2. 在自己的fork分支上做出修改 -3. 向对应的仓库中提交merge request,源分支为fork分支 diff --git a/openssl-3.0.1.tar.gz b/openssl-3.0.1.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..65e3b396076b027aca3734a5cf26862b42e7b1e5 Binary files /dev/null and b/openssl-3.0.1.tar.gz differ diff --git a/openssl.spec b/openssl.spec new file mode 100644 index 0000000000000000000000000000000000000000..a91accadf1a3bbb451e02fb226eba70f99b16106 --- /dev/null +++ b/openssl.spec @@ -0,0 +1,211 @@ +%global soversion 3 + +Name: openssl +Version: 3.0.1 +Release: 1%{?dist} +Summary: Utilities from the general purpose cryptography library with TLS implementation + +License: ASL 2.0 +URL: http://www.openssl.org/ +Source0: https://www.openssl.org/source/%{name}-%{version}.tar.gz +Source1: hobble-openssl +Source2: Makefile.certificate +Source3: genpatches +Source4: make-dummy-cert +Source5: renew-dummy-cert +Source6: configuration-switch.h +Source7: configuration-prefix.h +Source8: ec_curve.c +Source9: ectest.c +Source10: 0025-for-tests.patch + +Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch +Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch +Patch3: 0003-Do-not-install-html-docs.patch +Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch +Patch5: 0005-apps-ca-fix-md-option-help-text.patch +Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch +Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch +Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch +Patch11: 0011-Remove-EC-curves.patch +Patch12: 0012-Disable-explicit-ec.patch +Patch24: 0024-load-legacy-prov.patch +Patch31: 0031-tmp-Fix-test-names.patch +Patch32: 0032-Force-fips.patch +Patch33: 0033-FIPS-embed-hmac.patch +Patch34: 0034.fipsinstall_disable.patch +Patch35: 0035-speed-skip-unavailable-dgst.patch +Patch47: 0047-FIPS-early-KATS.patch +Patch48: 0048-correctly-handle-records.patch +Patch50: 0050-FIPS-enable-pkcs12-mac.patch + +BuildRequires: gcc, git, coreutils, perl-interpreter, sed, zlib-devel, /usr/bin/cmp +BuildRequires: lksctp-tools-devel +BuildRequires: /usr/bin/rename +BuildRequires: /usr/bin/pod2man +BuildRequires: /usr/sbin/sysctl +BuildRequires: perl(Test::Harness), perl(Test::More), perl(Math::BigInt) +BuildRequires: perl(Module::Load::Conditional), perl(File::Temp) +BuildRequires: perl(Time::HiRes), perl(IPC::Cmd), perl(Pod::Html), perl(Digest::SHA) +BuildRequires: perl(FindBin), perl(lib), perl(File::Compare), perl(File::Copy), perl(bigint) +Requires: coreutils +Requires: %{name}-libs%{?_isa} + +%description +The OpenSSL toolkit provides support for secure communications between +machines. OpenSSL includes a certificate management tool and shared +libraries which provide various cryptographic algorithms and +protocols. + +%package libs +Summary: A general purpose cryptography library with TLS implementation +Requires: ca-certificates >= 2008-5 +Requires: crypto-policies >= 20180730 +Recommends: openssl-pkcs11%{?_isa} + +%description libs +OpenSSL is a toolkit for supporting cryptography. The openssl-libs +package contains the libraries that are used by various applications which +support cryptographic algorithms and protocols. + +%package devel +Summary: Files for development of applications which will use OpenSSL +Requires: %{name}-libs%{?_isa} +Requires: pkgconfig + +%description devel +OpenSSL is a toolkit for supporting cryptography. The openssl-devel +package contains include files needed to develop applications which +support various cryptographic algorithms and protocols. + +%package perl +Summary: Perl scripts provided with OpenSSL +Requires: perl-interpreter +Requires: %{name}%{?_isa} + +%description perl +OpenSSL is a toolkit for supporting cryptography. The openssl-perl +package provides Perl scripts for converting certificates and keys +from other formats to the formats used by the OpenSSL toolkit. + +%prep +%autosetup -S git +%{SOURCE1} > /dev/null +cp %{SOURCE8} crypto/ec/ +cp %{SOURCE9} test/ + +%build +sslarch=%{_os}-%{_target_cpu} +%ifarch x86_64 +sslflags=enable-ec_nistp_64_gcc_128 +%endif +%ifarch aarch64 +sslarch=linux-aarch64 +sslflags=enable-ec_nistp_64_gcc_128 +%endif +%ifarch riscv64 +sslarch=linux-generic64 +%endif + +RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DPURIFY $RPM_LD_FLAGS" + +export HASHBANGPERL=/usr/bin/perl + +./Configure \ + --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ + --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \ + zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ + enable-cms enable-md2 enable-rc5 enable-ktls enable-fips\ + no-mdc2 no-ec2m no-sm2 no-sm4 \ + shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""' + +make -s %{?_smp_mflags} all + +for i in libcrypto.pc libssl.pc openssl.pc ; do + sed -i '/^Libs.private:/{s/-L[^ ]* //;s/-Wl[^ ]* //}' $i +done + +%install +rm -rf $RPM_BUILD_ROOT +install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl,%{_pkgdocdir}} +%make_install +rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion} +for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do + chmod 755 ${lib} + ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}` + ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion} +done + +rm -f $RPM_BUILD_ROOT%{_libdir}/*.a + +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs +install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_pkgdocdir}/Makefile.certificate +install -m755 %{SOURCE4} %{SOURCE5} $RPM_BUILD_ROOT%{_bindir}/ + +mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/*.pl $RPM_BUILD_ROOT%{_bindir} +mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/tsget $RPM_BUILD_ROOT%{_bindir} +mv $RPM_BUILD_ROOT%{_mandir}/man5/config.5ossl $RPM_BUILD_ROOT%{_mandir}/man5/config.cnf.5 + +mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/{certs,crl,newcerts} +mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private + +touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf +touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf + +rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/{openssl.cnf.dist,ct_log_list.cnf.dist,fipsmodule.cnf} + +%files +%{!?_licensedir:%global license %%doc} +%license LICENSE.txt +%doc NEWS.md README.md +%{_bindir}/make-dummy-cert +%{_bindir}/renew-dummy-cert +%{_bindir}/openssl +%{_mandir}/man1/* +%{_mandir}/man5/* +%{_mandir}/man7/* +%{_pkgdocdir}/Makefile.certificate +%exclude %{_mandir}/man1/*.pl* +%exclude %{_mandir}/man1/tsget* + +%files libs +%{!?_licensedir:%global license %%doc} +%license LICENSE.txt +%dir %{_sysconfdir}/pki/tls +%dir %{_sysconfdir}/pki/tls/certs +%dir %{_sysconfdir}/pki/tls/misc +%dir %{_sysconfdir}/pki/tls/private +%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf +%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf +%attr(0755,root,root) %{_libdir}/libcrypto.so.%{version} +%{_libdir}/libcrypto.so.%{soversion} +%attr(0755,root,root) %{_libdir}/libssl.so.%{version} +%{_libdir}/libssl.so.%{soversion} +%attr(0755,root,root) %{_libdir}/engines-%{soversion} +%attr(0755,root,root) %{_libdir}/ossl-modules + +%files devel +%doc CHANGES.md doc/dir-locals.example.el doc/openssl-c-indent.el +%{_prefix}/include/openssl +%{_libdir}/*.so +%{_mandir}/man3/* +%{_libdir}/pkgconfig/*.pc + +%files perl +%{_bindir}/c_rehash +%{_bindir}/*.pl +%{_bindir}/tsget +%{_mandir}/man1/*.pl* +%{_mandir}/man1/tsget* +%dir %{_sysconfdir}/pki/CA +%dir %{_sysconfdir}/pki/CA/private +%dir %{_sysconfdir}/pki/CA/certs +%dir %{_sysconfdir}/pki/CA/crl +%dir %{_sysconfdir}/pki/CA/newcerts + +%ldconfig_scriptlets libs + +%changelog +* Tue Mar 8 2022 forrest_ly - 3.0.1-1 +- Init for Anolis OS 23