From 114e607d76016b7311a33ca78e3710314d5679e5 Mon Sep 17 00:00:00 2001
From: motemotech
Date: Mon, 2 Dec 2024 23:39:27 +0900
Subject: [PATCH] change test for missing sha256 rsa algorithms
---
 circuits/package.json | 1 +
 circuits/tests/prove.test.ts | 2 +
 common/src/constants/constants.ts | 5 +
 common/src/constants/mockCertificates.ts | 133 ++++++
 common/src/mock_certificates/openssl.cnf | 397 ++++++++++++++++++
 .../sha256_rsa_3_2048/mock_csca.key | 52 +++
 .../sha256_rsa_3_2048/mock_csca.pem | 34 ++
 .../sha256_rsa_3_2048/mock_dsc.key | 28 ++
 .../sha256_rsa_3_2048/mock_dsc.pem | 29 ++
 .../sha256_rsa_65537_3072/mock_csca.crt | 34 ++
 .../sha256_rsa_65537_3072/mock_csca.key | 52 +++
 .../sha256_rsa_65537_3072/mock_dsc.crt | 31 ++
 .../sha256_rsa_65537_3072/mock_dsc.key | 40 ++
 .../utils/certificates/handleCertificate.ts | 20 +-
 common/src/utils/genMockPassportData.ts | 14 +
 common/src/utils/generateInputs.ts | 4 +-
 common/src/utils/utils.ts | 22 +-
 17 files changed, 881 insertions(+), 17 deletions(-)
 create mode 100644 common/src/mock_certificates/openssl.cnf
 create mode 100644 common/src/mock_certificates/sha256_rsa_3_2048/mock_csca.key
 create mode 100644 common/src/mock_certificates/sha256_rsa_3_2048/mock_csca.pem
 create mode 100644 common/src/mock_certificates/sha256_rsa_3_2048/mock_dsc.key
 create mode 100644 common/src/mock_certificates/sha256_rsa_3_2048/mock_dsc.pem
 create mode 100644 common/src/mock_certificates/sha256_rsa_65537_3072/mock_csca.crt
 create mode 100644 common/src/mock_certificates/sha256_rsa_65537_3072/mock_csca.key
 create mode 100644 common/src/mock_certificates/sha256_rsa_65537_3072/mock_dsc.crt
 create mode 100644 common/src/mock_certificates/sha256_rsa_65537_3072/mock_dsc.key
diff --git a/circuits/package.json b/circuits/package.json
index b444f22b2..bac2a865f 100644
--- a/circuits/package.json
+++ b/circuits/package.json
@@ -5,6 +5,7 @@
 "license": "MIT",
 "scripts": {
 "test": "yarn ts-mocha --max-old-space-size=8192 'tests/**/*.test.ts' 'tests/*.test.ts' --exit",
+ "test-prove": "yarn ts-mocha --max-old-space-size=8192 'tests/prove.test.ts' --exit",
 "install-circuits": "cd ../common && yarn && cd ../circuits && yarn",
 "format": "prettier --write .",
 "lint": "prettier --check ."
diff --git a/circuits/tests/prove.test.ts b/circuits/tests/prove.test.ts
index 9ddd319ce..61e452daa 100644
--- a/circuits/tests/prove.test.ts
+++ b/circuits/tests/prove.test.ts
@@ -16,6 +16,8 @@ const sigAlgs = [
 { sigAlg: 'rsa', hashFunction: 'sha1', domainParameter: '65537', keyLength: '2048' },
 { sigAlg: 'rsa', hashFunction: 'sha256', domainParameter: '65537', keyLength: '2048' },
 { sigAlg: 'rsapss', hashFunction: 'sha256', domainParameter: '65537', keyLength: '2048' },
+ { sigAlg: 'rsa', hashFunction: 'sha256', domainParameter: '3', keyLength: '2048' },
+ { sigAlg: 'rsa', hashFunction: 'sha256', domainParameter: '65537', keyLength: '3072'},
 { sigAlg: 'ecdsa', hashFunction: 'sha256', domainParameter: 'secp256r1', keyLength: '256' },
 { sigAlg: 'ecdsa', hashFunction: 'sha1', domainParameter: 'secp256r1', keyLength: '256' },
 ];
diff --git a/common/src/constants/constants.ts b/common/src/constants/constants.ts
index 595cc343f..25dcb2f24 100644
--- a/common/src/constants/constants.ts
+++ b/common/src/constants/constants.ts
@@ -29,6 +29,8 @@ export const MAX_PADDED_ECONTENT_LEN: Partial> = {
@@ -38,6 +40,8 @@ export const MAX_PADDED_SIGNED_ATTR_LEN: Partial> = {
@@ -92,6 +96,7 @@ export const circuitToSelectorMode = {
 export const MAX_DATAHASHES_LEN = 320; // max formatted and concatenated datagroup hashes length in bytes
 export const n_dsc = 64;
 export const k_dsc = 32;
+export const k_dsc_3072 = 48;
 export const n_csca = 120;
 export const k_csca = 35;
 export const n_dsc_ecdsa = 43;
diff --git a/common/src/constants/mockCertificates.ts b/common/src/constants/mockCertificates.ts
index f4b399364..7faec3320 100644
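Review bot: The second added row in `sigAlgs` ends with `keyLength: '3072'}`, while every other row has a space before the closing brace, so the package's `prettier --check .` lint script would likely flag it; write `keyLength: '3072' },`. A one-line comment above the two new rows would also help, for example `// RSA variants: public exponent 3 (2048-bit) and a 3072-bit modulus (e = 65537)`, because `domainParameter` appears to hold the public exponent for RSA rows and the curve name for ECDSA rows. The `sigAlgs` array is closed inside this hunk, but the test code that consumes it lies outside.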
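Review bot: `k_dsc_3072` is added in the `@@ -92,6 +96,7 @@` hunk of constants.ts without a comment, and its relation to `n_dsc` is only implicit: 64 × 32 = 2048 for `k_dsc` and 64 × 48 = 3072 for the new constant. A comment such as `// limb count for a 3072-bit DSC modulus: n_dsc (64) * 48 = 3072` would state the invariant, assuming `n_dsc` is the limb width in bits. Callers have to choose between `k_dsc` and `k_dsc_3072` by key length, and that selection code is not visible in this hunk, so it is worth confirming that a 3072-bit key can never be split with `k_dsc`.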
--- a/common/src/constants/mockCertificates.ts
+++ b/common/src/constants/mockCertificates.ts
@@ -543,3 +543,136 @@ CLpT -----END CERTIFICATE----- ` +export const mock_dsc_key_sha256_rsa_65537_3072 = `-----BEGIN PRIVATE KEY----- +MIIG/AIBADANBgkqhkiG9w0BAQEFAASCBuYwggbiAgEAAoIBgQCxoTQRUOf0mU86 +f71+4KF4MAU3EQ+XkTwdD8F4bKMhEOb0QpUtiQebkD5qyp04Ur/vRZWqpSJIwpvY +c8m9+jIlcxu1YxZpRQeiuybHKEPwyoAP9TqNTPERme+iwkVtQJtMZbR8rr71+P8b +iRZQHKs+6p9SmxUM7SJ9MpU/XdvnioLK6t4cHEe6QnzC6yY32MJY9v3XtNbmIgBx +JGnOtvsVJJIE50oNIqwIfzp/YNHOR2nDo0ekdDpTF+8gY3lKrcoQyBwK2gZg9cOc +s5hY/Et1SQV/81X/C0EM8TrkH9SOQvAepnJcnHahgD8iXLFOBVagAw0NliTcRR+u +03KCzk+xbaZqq0IZS2rfserAMn8TDr2IqsCZ1Y2nml902YOWFdb0Z+YDzr344NdS +W2B1XEinzRn/E+nWyhaqlkSNUFGeWrIbVl/726oFaUD0Z8POTRqJe2FHDPfiD9RI +3/Oq1/m8009ixsMMAPgytTyykEpsCHzmzCQ1PMOXAKEvYAcas/0CAwEAAQKCAYAL +f1WxcT0yVeIM9Uu8tKl+8AzGXbJWqy3q66QoOU/tyfxI/y5Mvjvh09pWazr19FU8 +FZL0cq/faclQn14Fj/ZC+kpm2T0QH0m5PMfryC1tno3feo4Jq1tHOmGKdWys/6uN +rF+cWms93JoWnC73jIOBFQqu/B7GsWq0E9wZN+gN+qcwnzc1Npdl9PvCWholL0CV +JZeUqL3oM3c325WFrc5etflFm/rtErtz6VhN+mRaJ8EuypjOij9kNX5i6E1nigwY +eiRXa1TK1DKiuv/KOg9OkktkHdZ2MrAgPs67bcFVWfxAfZBHgQHj3zzU2wLwKVQG +x7teV91B/URZA6eMXePplDfAjn3g3IwmJFtlW7cBh6rn1G+kaT3EsnvQIXVVpUOn +D5g6YGm+G8WGiyLrOLTPhan141Yqqw2zXaMIEfU5A4Esp4cEEvvgVMp8HsMF6RzY +58qySVKGuvou5u25WcESOjrLajtUzJmB9lVNxaJG7qYKGrPGBJUTsChbl/CrHfkC +gcEA7WsKaTetq+ZgSBhPJh12qKxMGdSvEXJjpq1R3HUR/rD1voZBr2IRbz874m0Y +x8GiQCst/sufrtniAz5aGzRGrIyFo+oKAOUm06g1MXgaL+B3Pr1tdlA86sREeNMY +dBKXGbO1BMrLWuLCcJUTUy7nrYj0ihdMegG4v5xskfieE8xdWbMALqJnsg3OGgwI ++dgX/l+Ay3io8scFLpRJ8PAddRcQa+MTPR/EYvxQ8k5IG9Qo8heNCEAMu3Q+ifFW +F2KHAoHBAL+IOrHyt+2bjOpLO118Xrf/N0MLEGpzMAVoyOj6+mCKCTFOXvXPfl57 +Y1HPBRTpxf1eUdY66fgJ8CpQoDA8PHflg3XfXgiP91zBE7gPdsvYbqHVsym+ZQTB +zCG6DI9UKMgKiID33ul1O3x4HyBEytDWlX3XEwrgPiYoaLdUfDP4xnGxou8E4RWj +8FLcNDYX5/0hNixmg8wSE+hhWc6yfJFnNol5q0ezzS80MpghLSB5ESohOdU36SwZ +mVZbfBViWwKBwCVXpLeP7l0PSy2LxUc1cyhskTuu3CpeV5YrxKhsMXxh0QU6kLJJ +NnzM8VpX1oH0ztRQ9lcRJ/iUhJwF/p4wxrz1DUAO26vwXv8DgfpZ7aSCJb9UhBcL +38j9PdfTPBFlqyZ7wYkTbJDLAdI7YGLBCeedlvjxWTIHe0uICvuaoyJyDmzBXtH2 
+8WBsE3K9WdwSRRPZaaSXQduNuh7tbAPdgISeMBMIEEqY6Ia5MPIrpePapuYNFj2p +9Va2ne+MagIbmQKBwG+Yh2JxYnteG4/Tv8YrleCtIly80JbFgKBWOmGNAl9Hbi29 +VRTyDdYtHGRpM7PIteR3lUU2VGaCG9371inknvLY1mzSda6Ve3IeyUeAMx54f5Vp +txdGaQOJi0/HYFQOnChaAsjqI4ZxGPTf5HrfujBOJxIIQ38dwvhmqQTQhAGgHLfX +4XBUrnT2bStKRF2UNkZFmJPsMzSu/8xxFGubkXsC4ULekk6X06CCUExVYD7Aa6DZ +dSHnjsN0MuSfL0AiawKBwDsqipLJ9EfPtZ5IU41REE6B1tQ9K7ZZ/7aBce/QLu9Z +052HC8jVjHzzN+Yb7MEqhtw80fosohG8iwx0rsDsWM5Sw0trYQEGlzA7jShklAah +JrmE2+TUuM/M3rYb+Kg1vnH/J6MAOqewcwOi9RKHwH8RqotxcBw2z6YOFJ1vwxDN +i8lO2nber6ig+TQwct6w2JlQW1ilYKr/NPDZdQmyUcz9fN58vrQekNjcRtw6zJAz +CTJ1BhLIZ0tfiN7Hxx98jQ== +-----END PRIVATE KEY----- +`; + +export const mock_dsc_sha256_rsa_65537_3072 = `-----BEGIN CERTIFICATE----- +MIIFXDCCA0SgAwIBAgIUMbh7OFxP8qTT3eTw/8Bgu5CnuIEwDQYJKoZIhvcNAQEL +BQAwdzELMAkGA1UEBhMCWFgxEzARBgNVBAgMCm1vY2sgc3RhdGUxEjAQBgNVBAcM +CW1vY2sgY2l0eTEXMBUGA1UECgwObW9jayBpbnN0aXR1dGUxEjAQBgNVBAsMCW1v +Y2sgbmFtZTESMBAGA1UEAwwJbW9jayBuYW1lMB4XDTI0MTIwMjA2NDI1M1oXDTI1 +MTIwMjA2NDI1M1owdzELMAkGA1UEBhMCWFgxEzARBgNVBAgMCm1vY2sgc3RhdGUx +EjAQBgNVBAcMCW1vY2sgY2l0eTEXMBUGA1UECgwObW9jayBpbnN0aXR1dGUxEjAQ +BgNVBAsMCW1vY2sgbmFtZTESMBAGA1UEAwwJbW9jayBuYW1lMIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEAsaE0EVDn9JlPOn+9fuCheDAFNxEPl5E8HQ/B +eGyjIRDm9EKVLYkHm5A+asqdOFK/70WVqqUiSMKb2HPJvfoyJXMbtWMWaUUHorsm +xyhD8MqAD/U6jUzxEZnvosJFbUCbTGW0fK6+9fj/G4kWUByrPuqfUpsVDO0ifTKV +P13b54qCyureHBxHukJ8wusmN9jCWPb917TW5iIAcSRpzrb7FSSSBOdKDSKsCH86 +f2DRzkdpw6NHpHQ6UxfvIGN5Sq3KEMgcCtoGYPXDnLOYWPxLdUkFf/NV/wtBDPE6 +5B/UjkLwHqZyXJx2oYA/IlyxTgVWoAMNDZYk3EUfrtNygs5PsW2maqtCGUtq37Hq +wDJ/Ew69iKrAmdWNp5pfdNmDlhXW9GfmA869+ODXUltgdVxIp80Z/xPp1soWqpZE +jVBRnlqyG1Zf+9uqBWlA9GfDzk0aiXthRwz34g/USN/zqtf5vNNPYsbDDAD4MrU8 +spBKbAh85swkNTzDlwChL2AHGrP9AgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD +VR0PAQH/BAQDAgeAMB0GA1UdDgQWBBREj9yGP/9mEdbehi10BRfCS0+oUjAfBgNV +HSMEGDAWgBSxeYUDrOeL5Sy7Rgaz9PQ9To6/vTANBgkqhkiG9w0BAQsFAAOCAgEA +tipJvbUbNQ7Vl7fmj+cf7cIlwXwVP3egZq0aQYYZ0EYJGjxSnlMBsb9ixdhjoU2l 
+Ln2DiZwgW63fjlnxEUEoTe+O7M0yC4vd77nkVP0Old6zdQRInbz/PTF0o9lOrajb +jXibjJTMH2i1VoO61SckZjtF09XDAHXvJrzEKD4Vb6lZrWoYjSgwZb3wvF3q79Sc ++rLx3TSUfCGkZuStvU1yedsuXtG2I1pS2Y2sztb2xr9Ld82CM3OWAzLmdgpL2B7n +ej3lqnD+m+mdtXTLEKbK+GD3Dt3WfrJndPmbhrvJT/Jr2Gb22u/4jYnuEN5OI48C +BPx7wXc6RAt3HOCRGPT4KP602PbciHA0GQSN48WAveYPiATulXSFXleGNGUnAcd3 +GTEsoWd1Uz+l5I2qT4fInvmBJ8QsSmpb3QL5RhuMtSkmAHORMgd7t0sV5G0HCNBx +DbXBarKNkqBWFqo1kt8S0RmSBAt4VxvKwVG2kWtQAzXEOM0gVMYTuMw1EF6HIlfW +hHDvaF5OBywEwrPjJwk60C2IXeNJ99K620MOA4WNoleJAU8qYDG82Iskw81WwncN +7R8HR2dl54iKLpqKb/a1BleWjtXxTVs2B1LeWrfmmiXu25EiZwzT5tTBFmIYO68U +6AArgamlJrPYaHoi187k9/HL1fWS7H6xyvrPQht+LBE= +-----END CERTIFICATE----- +`; + +export const mock_dsc_key_sha256_rsa_3_2048 = `-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCf5zhESG4lHfSI +mZ7uM618iDRdDjB/2JTQFHQl8WnsjHs38u8sn7AD3y2I4X0U5U765Qmdnjzi2C1S +Is3+7LVUw9dopDNlmxopC8ecnOIBx/eQEgz8RjIirtVdOWAoCzdXdaQH6XzfPpOF +gGd8TOYYUvEllzYZ/O8k47r3nzbBeKWA+YM+KF8KK//93Y0Y8+OBfArL2qtEwEzq +4HjXdEDqRnulh2H3R5NyynYzgmThnOmZm2BeIbpfZh0u8IRxseEFu3bwuGREAtVm +xFIb8UskOj/BPX4MFIL8OQY271/MMY1gXL180yDLEiyQLhTcEO9JKbEY5AG9F/Z+ +ppF6ghp/AgEDAoIBAGqaJYLa9Bi+owW7v0l3yP2wIui0IFU7DeANosP2Rp2y/M/3 +Sh2/yq0/c7CWU2NDifyYsRO+00Hlc4wXM/9IeOMtOkXCzO5nZsYH2mholqvapQq2 +s1LZdsHJ45N7lXAHejpObVqbqJTUYlkARP2ImWWMoMO6JBFTShiX0fpqJID6CzyH +EGAEeG85jY4AYZMDn4/w6QOG1MB7JTJerr5Ch91eAORxXPeWhfYDA5jMpa0Jhf/a +IFazHI+t0RjmC1OnT2jFnrRP43/4pN8k1Cdnly5VketnmEZljIRcFzexZ09s9Kvb +QgiFlQKofolFks9SmhOjjzqjrQ27S3CZvSKWPUsCgYEAynH21IK0G64TmOgkY5un +hiXWky2a2cHv/y1e2jcLuOegHo8ApOh2bQ2J9clEhwc/1L5+TNIFln66S1na7Rfr +RAP3igzs4DPZrha32atjhVR+oq+h82X0BiSY7bAIrzafDgMIHwZCkzkZJJAvvSFA +moh7iK999VnWQnE8PuaYcikCgYEAyjQ4FittjrVCEsC4lyDG7gO8Ghj1kmIXlfHz +mIMEvDaZW7/csZtvXXQ7+wUK5VbOy9tV4woPeQknGC+8hlxLpeSbftVTrtA0MAFV +OjVyYwo7QjCAJjyIKhEV9bNclZ5vEFuLu2nILg38SjIV+4PUbaM40ZFwiM6owuSD +tuAITGcCgYEAhvakjax4EnQNEJrC7RJvrsPkYh5nO9af/3OUkXoH0JpqvwoAbfBO 
+815b+TDYWgTVOH7+3eFZDv8m3OaR82VHgq1PsV3zQCKRHrnP5nJCWOL/Fx/BTO6i +rsMQnnVbH3m/XqywFK7XDNC7bbV1KMDVvFr9BcpT+OaO1vYoKe8QTBsCgYEAhs16 +uXJJCc4sDIB7D2svSVfSvBCjtuwPuUv3uwIDKCRmPSqTIRJKPk19UgNcmOSJ3Tzj +7LFfpgYaEB/TBD2Hw+28/zjidIrNdVY40Xj27LF81ssAGX2wHAtj+SI9uRRKCuey +fPEwHrP9hswOp604SRd7NmD1sInF10MCeeqwMu8CgYBQDHw32spGKcd2BfCfEFQZ +EmD185epdSuqbOEnW/f4jzMNBbrdHG3b81F+Tfj7m+kUby9raIHPLORaz/cyPomJ +GXvw+qEJljAYF6TGS/ujGejuMrMUQaDIehnfqqVgkU34n5w6pW54Wm4gsIvqCR4X +KL0lNZBiuPh556du22E3iw== +-----END PRIVATE KEY-----`; + +export const mock_dsc_sha256_rsa_3_2048 = `-----BEGIN CERTIFICATE----- +MIIE3zCCAsegAwIBAgIUUQ+tRPeySv/aOXHDYlQgS8ly6jAwDQYJKoZIhvcNAQEL +BQAwejELMAkGA1UEBhMCWFgxEzARBgNVBAgMCm1vY2sgc3RhdGUxEjAQBgNVBAcM +CW1vY2sgY2l0eTEXMBUGA1UECgwObW9jayBpbnN0aXR1dGUxFTATBgNVBAsMDG1v +Y2sgc2VjdGlvbjESMBAGA1UEAwwJbW9jayBuYW1lMB4XDTI0MTIwMjEzMzcxMloX +DTM0MTEzMDEzMzcxMloweTELMAkGA1UEBhMCWFgxEjAQBgNVBAgMCW1vY2sgbmFt +ZTESMBAGA1UEBwwJbW9jayBjaXR5MRcwFQYDVQQKDA5tb2NrIGluc3RpdHV0ZTEV +MBMGA1UECwwMbW9jayBzZWN0aW9uMRIwEAYDVQQDDAltb2NrIG5hbWUwggEgMA0G +CSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCf5zhESG4lHfSImZ7uM618iDRdDjB/ +2JTQFHQl8WnsjHs38u8sn7AD3y2I4X0U5U765Qmdnjzi2C1SIs3+7LVUw9dopDNl +mxopC8ecnOIBx/eQEgz8RjIirtVdOWAoCzdXdaQH6XzfPpOFgGd8TOYYUvEllzYZ +/O8k47r3nzbBeKWA+YM+KF8KK//93Y0Y8+OBfArL2qtEwEzq4HjXdEDqRnulh2H3 +R5NyynYzgmThnOmZm2BeIbpfZh0u8IRxseEFu3bwuGREAtVmxFIb8UskOj/BPX4M +FIL8OQY271/MMY1gXL180yDLEiyQLhTcEO9JKbEY5AG9F/Z+ppF6ghp/AgEDo2Aw +XjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUXjTaRCja +/qEZtJQ69p8m326tdhAwHwYDVR0jBBgwFoAU7NcKAq7dYNmEVESrTLVr91/q2+Qw +DQYJKoZIhvcNAQELBQADggIBAFbWBNkE9Bmuv/aFWQSY1vWXQrcQxMOD5yeFslj1 +tItxhQyj3/dpPoZ87Q0B3GxPHSZlI/xOFneTxs4DBiOFHR/3HV9Q5S8G/JIRfGXx +mAuZVRqgJUaASir79SqGtMgsjxZbdY8yz0/hRaukZ9zlcsjTbZR6P59gX2yRMMTx +3zIH/q/bEwqmFhXzV11K+B9pkGyYzsaiAFMxdp4jXv/pQMo3SoWuHmTEbwaINMZe +3Ek6wsGGQdSM0XkGYhsrJhn5I8HlG4NuYx5o9Q1kvfm1b7Q9ZA1y2Hw2VDdcKe94 +lLC+RvzYLkmVHtSSHrwJbGvEGLP6Oi1QCQ3gdLs14GXHcvkHF+u+Hky90QflY+4V 
+kBMDCeQEHPTZ+z5KlZsVn6J84LlvjOPzfY6O5EI3sNZn/XrtaVoz0t4fUarJ8CN2 +cIlCXtLAlhwxvkvq6fXlDHODihiBrcmRBxz08o+IXvjgBYlfHWP5iDS4RO0lzId4 +2BlBoWQbo8sMYS/3Ns5RV10bqtkDb7GMl+w8o21jTQ877JMop41tG9leD6WLaCxu +JYSWvyeHGutMDlIMuw5KEE1kVxR2XXcZypc9dWHGaI6MrYwpmmvTB6oZg11FEZzm +S8w23130L6pAB1EjCC8lUQubEkgDZ0bfy4UxpkOiqctzYdakvgo+zOwpORhN/Wxp +Vnmv +-----END CERTIFICATE-----`; \ No newline at end of file diff --git a/common/src/mock_certificates/openssl.cnf b/common/src/mock_certificates/openssl.cnf new file mode 100644 index 000000000..d6293ec96 --- /dev/null +++ b/common/src/mock_certificates/openssl.cnf 
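Review bot: The embedded `mock_dsc_sha256_rsa_65537_3072` certificate appears to be valid for one year only: its validity field decodes to 2024-12-02 through 2025-12-02, whereas `mock_dsc_sha256_rsa_3_2048` runs to 2034-11-30. If any test or verification path checks notAfter, the 3072-bit case will start failing after that date, so reissuing that DSC with a lifetime matching the other fixture (for example `-days 3650`) would keep them consistent. The new `mock_dsc_key_*` exports also carry raw private keys with no comment; a line such as `// Test-only key material for mock passports; must never be trusted outside tests` above each would help both readers and secret-scanner triage. The two `_3_2048` literals end without the trailing newline that the `_65537_3072` literals have, which is worth aligning.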
@@ -0,0 +1,397 @@ +# +# OpenSSL example configuration file. +# See doc/man5/config.pod for more info. +# +# This is mostly being used for generation of certificate requests, +# but may be used for auto loading of providers + +# Note that you can include other files from the main configuration +# file using the .include directive. +#.include filename + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . + + # Use this in order to automatically load providers. +openssl_conf = openssl_init + +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + +# Extra OBJECT IDENTIFIER info: +# oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +# Policies used by the TSA examples. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +# For FIPS +# Optionally include a file that is generated by the OpenSSL fipsinstall +# application. This file contains configuration data required by the OpenSSL +# fips provider. It contains a named section e.g. [fips_sect] which is +# referenced from the [provider_sect] below. +# Refer to the OpenSSL security policy for more information. +# .include fipsmodule.cnf + +[openssl_init] +providers = provider_sect + +# List of providers to load +[provider_sect] +default = default_sect +# The fips section name should match the section name inside the +# included fipsmodule.cnf. 
+# fips = fips_sect + +# If no providers are activated explicitly, the default one is activated implicitly. +# See man 7 OSSL_PROVIDER-default for more details. +# +# If you add a section explicitly activating any other provider(s), you most +# probably need to explicitly activate the default provider, otherwise it +# becomes unavailable in openssl. As a consequence applications depending on +# OpenSSL may not work correctly which could lead to significant system +# problems including inability to remotely access the system. +[default_sect] +# activate = 1 + + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several certs with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key + +x509_extensions = usr_cert # The extensions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. 
+# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = default # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. 
+string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (e.g. server FQDN or YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +# This is required for TSA certificates. 
+# extendedKeyUsage = critical,timeStamping + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +basicConstraints = critical, CA:true +keyUsage = critical, digitalSignature, cRLSign, keyCertSign + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ v3_dsc ] + +# Extensions for the Document Signer Certificate (DSC) +basicConstraints = critical, CA:FALSE +keyUsage = critical, digitalSignature +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# PKIX recommendations harmless if included in all certificates. 
+subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo + +#################################################################### +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = ./demoCA # TSA root directory +serial = $dir/tsaserial # The current serial number (mandatory) +crypto_device = builtin # OpenSSL engine to use for signing +signer_cert = $dir/tsacert.pem # The TSA signing certificate + # (optional) +certs = $dir/cacert.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/private/tsakey.pem # The TSA private key (optional) +signer_digest = sha256 # Signing digest to use. (Optional) +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +clock_precision_digits = 0 # number of digits after dot. (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = no # Must the ESS cert id chain be included? 
+ # (optional, default: no) +ess_cert_id_alg = sha1 # algorithm to compute certificate + # identifier (optional, default: sha1) + +[insta] # CMP using Insta Demo CA +# Message transfer +server = pki.certificate.fi:8700 +# proxy = # set this as far as needed, e.g., http://192.168.1.1:8080 +# tls_use = 0 +path = pkix/ + +# Server authentication +recipient = "/C=FI/O=Insta Demo/CN=Insta Demo CA" # or set srvcert or issuer +ignore_keyusage = 1 # potentially needed quirk +unprotected_errors = 1 # potentially needed quirk +extracertsout = insta.extracerts.pem + +# Client authentication +ref = 3078 # user identification +secret = pass:insta # can be used for both client and server side + +# Generic message options +cmd = ir # default operation, can be overridden on cmd line with, e.g., kur + +# Certificate enrollment +subject = "/CN=openssl-cmp-test" +newkey = insta.priv.pem +out_trusted = apps/insta.ca.crt # does not include keyUsage digitalSignature +certout = insta.cert.pem + +[pbm] # Password-based protection for Insta CA +# Server and client authentication +ref = $insta::ref # 3078 +secret = $insta::secret # pass:insta + +[signature] # Signature-based protection for Insta CA +# Server authentication +trusted = $insta::out_trusted # apps/insta.ca.crt + +# Client authentication +secret = # disable PBM +key = $insta::newkey # insta.priv.pem +cert = $insta::certout # insta.cert.pem + +[ir] +cmd = ir + +[cr] +cmd = cr + +[kur] +# Certificate update +cmd = kur +oldcert = $insta::certout # insta.cert.pem + +[rr] +# Certificate revocation +cmd = rr +oldcert = $insta::certout # insta.cert.pem diff --git a/common/src/mock_certificates/sha256_rsa_3_2048/mock_csca.key b/common/src/mock_certificates/sha256_rsa_3_2048/mock_csca.key new file mode 100644 index 000000000..67a1b1c1b --- /dev/null +++ b/common/src/mock_certificates/sha256_rsa_3_2048/mock_csca.key 
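Review bot: This file is the stock OpenSSL example configuration with a `[ v3_dsc ]` section added, so it carries sections the mock certificates do not appear to need, including `[insta]` with `server = pki.certificate.fi:8700` and `secret = pass:insta`, and the whole `[ tsa ]` block. Trimming it to the sections actually used (probably `[ req ]`, `[ v3_ca ]` and `[ v3_dsc ]`) would make the fixture easier to audit. `default_days = 365` under `[ CA_default ]` deserves a comment or a larger value, since certificates issued with `openssl ca` from this file expire after one year. A header comment recording the commands used to produce each mock_csca and mock_dsc pair would let the fixtures be regenerated.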
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCTxXzxo0Ww6KWd +Zv0Om9TkR4YKsjMzFJWdd1QmnImwDmM5xUJLQknIi80+Y7AJmirqe8lyjXanCo3s +ozE/xei++D/X+Q9/tZf5owVmI1v+VWtG4NDkiM4vPL4OdqzG30VhzG9t9WISADRu +I2i/UTtCY8U8Y1DFxt5+m+s6MSX5RYH/0n+4exDjbBd+RvgGX7o1KCe4iSubQy2F +sJbbpdLUSAQR14Bjz3gLfNXcESjXte818AfcvNbacfZPn7gnF+HbHoZ0OrCRFLpq +3IUMnvi/ZS5F4SjTPL+QNQMDQXGt2hMbeZwK1PFBlBoDfNuq4+VysfeNJ4Gm+Wec +62We+zqNZ87jr4Vwa4ydKRyA6qazKg+bTPPkYuz6g+d0JjGXCVNkCROEzpllz9sV +Q7RtklWxuwO2T3B0W1xAKax1jOmMjYMNsBnkx24XsDFcRIy65CecjYrB3dvnh1YB +v4Wu6CwZpyAj8G1IKpfalAgNK8hmGe7I32LPuEK9HL0eMdHovQ6stJ3SRtjOxkXK +xGzzhHLRqhM9jALOk2qCMWGyuC2DauN5YdEy7iYWIsmi+dpBL+4q29dVKIh8xkmi +qAWrUpI5rRi+1vBmTQ3Mp9S8TMiZ9dWkxMBsm3hmdwQiKPl/1uI8Rt+u33rt4Jqc +Q+9kp3m5Smz++LAToCsLOXi7GlMukQIDAQABAoICAAvp87wNqbbs2DwbthJhSPr2 +CJ4V0PVGLGvg15AyCxMpOHcgwCAON6Grd9WXDEsx5VI4vxH1IC2xNvvEX9pK7Awd +kBQrGJn3e58dCs3kfZcWBEtXdoVpFuqNugBeMWmVTbmSqyHmk0zCkczsHkFdMhW/ +soK/D8o/puehTYfzDM3kpz8Haym7WQNk+ciXaIl8Wqh3f4BW0C+5QlMm3NAtC0BM +kBtvewKmaFYmGfNKD4zDYTEW6aNdNvCvbdLsnIMhCfd0e2r6jQrIF4w5vEu7Xhsc +SWyejdU+GW8YfxDaTBPeuFn85jJPXyYmOSoH0olxd1SAebt6hcRUaQtTRUMEnACe +3wxADCuTVtkbImhZ0UXjpBLR1VwfbDJU7wrrLlIlGpSxwywAgnolUEHOd5poI6uh +cOQcKBl/Q4216agjv6OTqCdSyusl0d+rjN2XWDzNnII/xfOPWaH0xi+JWz1vt3ZO +Gu04evQm/j7IeG85AWQhwsPnNp30SulUCKGCwFNiZufqgOwSjZnVZkLSa3g7kenM +LL1NhAoD7E/wEpioJg+bdKi4Lk3v/+drhK7mb52WBXrgtvWt/sPDxSQb9IXiQhFg +qHlxYFd9lKmBVr85POGPwWgBi3lpEF+N6/XHxkk8Fj5zQ2QNGxKo42ENhoIgZMTk +a+337q/0dXbKzUDBz8CLAoIBAQDMDIQJRnhBqPHVCQkf2kaZ1WN0WwKUaR3+2rXv +H4HUVtrj9TETHlTF6qoPG+d8k/ddU3gkK2UJP/3N9FQiOaQ78KctZ6Ik4Lj5Ut6k +rSJMkfJFba0VB7jtLaOHM4p665PCqp9X8alDdT+FrUj6uPJQAxxLAHVl2B9MOTpO +QWAnqzTOi/mEpkp0YW+jo0LJGLFZrwdWAm/7MMbbF5oUJRJFGFLx5ZLk37WcNvaz +809BHPoV+GKJ9m8RUD8yP0Es6l8ejQ6BvioBOXN06qD2xg/j2HU178izVojrH2wc +9+ObSIymX57gmb/5iy1RyPKrUS9nmYet0WZvpbChd5S+qHPfAoIBAQC5ZOyqZn2D +SF3RX9NJW/Zd004Mch/bZ0OGhodHTDkKBl9pxzOmXaJI8c9XDlPCHNtYwv2K/POC 
+WQAMZ853qHysYS9Bm86HqV/XJqhhFTbw6SSDvtSXGA+0MUisi9sbvYnMJGnfQFgc +xiBIP9v/3s9sh+BCo/pU1E22tauKImivPyHAYjqnACaeQqDYsl7fy5f9EHWipkBp +jXe3CKEvLY7lGa/Imzu7DXHLLkXko350W364EhNI5eY174TJ7P0GWfjukF4MWsEF +D7QEi0N2C9XSonFpUvCTlwsVOzuBnVnvgts7N0BpxQyrAUn3nz00LecV/Uyt+WLF +lp0w7PWpvCuPAoIBAQCPXSPP2IFZsLfo9CZDCPudzf3InMEdQRXgIA6/6aUwaa31 +iCpowmDRheTiJLrqHpQoMCMzVoHwk9NhRw9t1I39x0HOdwfHXVTZaE4h6bs1jT1p +Znu7UOevTOeecKoVXzs8BOFbyuEgElsFMxEZh6RIb0cLs1DIs6aZyYObw/cpJ/M8 +Q8CWYLfjOSpVELo1zHGfD4jZ93ByTn0JJnYNPVau0T5F0wT4Ze2VylBfcs32c8OK +eC/Tux+iTH16clL6mdkm//h3VALzRUhHlyps+A/mCAmiUczzpBMjD7rIR6rVSY34 +vypDqALn889trQBDOhFSet6HU57jRsjpSblqk7SFAoIBAERShUVm7+ppyOlYPy1R +zsFVFfZQOJ1KuP/ipAgKdxrSrmb1Gnu9Fgl708VpakSnDc7wTS/jeHoZAoOP3e8L +EKcWSawMF1i3erJ3dKYSg2TVBrfmo8HrBB6L6xRrlhvrBdVNthaoR9CS02LM5e6t +1hNRH7xvYdnRQ7KJ0OXfOGUdBvs3OBZDX/gC5fP2CDDBfwmr/y4pxqMfl3bEn2Ib +kAWuKbHsQ17z3XPbYbaY6glHjrOXNbQvxV8rHeysgbLNhYelfINhDrEm0Fi8Wegv +BGXTp6gBANfjWhpA8fUaYAJ8Xv67pelUzQ5YM0ImVQ/dusPHzXJv7Y6TqupU6VPc +HNECggEBAMvyb62Dmb3wlzTIzzrcUL2ec2ocknTB31aFCvyhloRaX9VnF8WF6WIi +tuS39aGJfNlL1ff6XI7gIRPIkehvuf6NVJ/85H2JEZzl8K6rVyZ1hq/iH8yS/mUh +EkPrTVTk/XD4xcq0y1HjT+b/QZRlLIonEBZct3u+qC2hDx7ubzNqDgquOLLYvOu4 +VmdUVi06LuUIR7YGrRirnPUAtlM0YEbMdOvTpsGkNFAjw+YIIAJbJ3wR2+/1tgDR +vxrxmaGVHCezk0vHjOU7p0Hp6hsp89LFqztUQKVlkKc4K+G17sFQoe1M3gbFszWw +lXfloI3/H22/MYMAdGKjPNiBb7ez7ww= +-----END PRIVATE KEY----- diff --git a/common/src/mock_certificates/sha256_rsa_3_2048/mock_csca.pem b/common/src/mock_certificates/sha256_rsa_3_2048/mock_csca.pem new file mode 100644 index 000000000..710dd6238 --- /dev/null +++ b/common/src/mock_certificates/sha256_rsa_3_2048/mock_csca.pem 
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF5TCCA82gAwIBAgIUMbgy7N73edal4ugckA+ZaePTQzQwDQYJKoZIhvcNAQEL +BQAwejELMAkGA1UEBhMCWFgxEzARBgNVBAgMCm1vY2sgc3RhdGUxEjAQBgNVBAcM +CW1vY2sgY2l0eTEXMBUGA1UECgwObW9jayBpbnN0aXR1dGUxFTATBgNVBAsMDG1v +Y2sgc2VjdGlvbjESMBAGA1UEAwwJbW9jayBuYW1lMB4XDTI0MTIwMjEzMzYyMVoX +DTM0MTEzMDEzMzYyMVowejELMAkGA1UEBhMCWFgxEzARBgNVBAgMCm1vY2sgc3Rh +dGUxEjAQBgNVBAcMCW1vY2sgY2l0eTEXMBUGA1UECgwObW9jayBpbnN0aXR1dGUx +FTATBgNVBAsMDG1vY2sgc2VjdGlvbjESMBAGA1UEAwwJbW9jayBuYW1lMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAk8V88aNFsOilnWb9DpvU5EeGCrIz +MxSVnXdUJpyJsA5jOcVCS0JJyIvNPmOwCZoq6nvJco12pwqN7KMxP8Xovvg/1/kP +f7WX+aMFZiNb/lVrRuDQ5IjOLzy+Dnasxt9FYcxvbfViEgA0biNov1E7QmPFPGNQ +xcbefpvrOjEl+UWB/9J/uHsQ42wXfkb4Bl+6NSgnuIkrm0MthbCW26XS1EgEEdeA +Y894C3zV3BEo17XvNfAH3LzW2nH2T5+4Jxfh2x6GdDqwkRS6atyFDJ74v2UuReEo +0zy/kDUDA0FxrdoTG3mcCtTxQZQaA3zbquPlcrH3jSeBpvlnnOtlnvs6jWfO46+F +cGuMnSkcgOqmsyoPm0zz5GLs+oPndCYxlwlTZAkThM6ZZc/bFUO0bZJVsbsDtk9w +dFtcQCmsdYzpjI2DDbAZ5MduF7AxXESMuuQnnI2Kwd3b54dWAb+FrugsGacgI/Bt +SCqX2pQIDSvIZhnuyN9iz7hCvRy9HjHR6L0OrLSd0kbYzsZFysRs84Ry0aoTPYwC +zpNqgjFhsrgtg2rjeWHRMu4mFiLJovnaQS/uKtvXVSiIfMZJoqgFq1KSOa0Yvtbw +Zk0NzKfUvEzImfXVpMTAbJt4ZncEIij5f9biPEbfrt967eCanEPvZKd5uUps/viw +E6ArCzl4uxpTLpECAwEAAaNjMGEwHQYDVR0OBBYEFOzXCgKu3WDZhFREq0y1a/df +6tvkMB8GA1UdIwQYMBaAFOzXCgKu3WDZhFREq0y1a/df6tvkMA8GA1UdEwEB/wQF +MAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBm0s0oCQu4 +zGpdkZE4q3wS/s8zPgKO3gYXcycpj6sXT67+vvArnhmjD6LKiDAVYqRWi+zlutOY +X/6geF/0piYjdK/54Da4tvem9jpd5UnXwDbTkw1PxR+Kb9Px0yUDFOK0Md0kj4yP +WGig2pjws+CwMOccTShYCyViF6MBs2Vi94KxFb0rQimsLJFBflYBRg6RRLU4glz2 +U2xAUBXBatNjiIp8vj5UtCTjNlXlTo9MPITOV3jcORvWCn45UU4aWTaH7rpQw6Og ++jI8wNIXKqQU4TOVW+F3tKjG4hwwE4AEOVLk8CKIAvEdd222JQk59C1amWJpjYne +CkTSly3AqKrGkvmXUHhCzFGhaw96pjCzYdDF/xPBnFqLGuuNlmQ/717KXOAOiqMw +JhQfjhxEoRi6nUh7W+oPc4A8f6FThcHXH8moikbjEQtp0jEM7ye8AOJqUV42gIsO +CtIryXk1TGrnSJCzn6A/k7+w3LfE66CL8ZUIbx/yY2tSTnO1PqiNAqojj16Adkbf 
+mwJSSBx+UdFqunkIq5r3gwfd635SJjoZttuKh4kCKD6C5jsyEeNYZvUA3toRlAFa +HbBDSCXEE73H8/lPT9B7wFMNFp18oubqGZN4F/BB4ohjFI0PxUQrSML0IHPq4npF +rzoG+B1CbumgSLRlNBgrDr7nNZZSH+L83Q== +-----END CERTIFICATE----- diff --git a/common/src/mock_certificates/sha256_rsa_3_2048/mock_dsc.key b/common/src/mock_certificates/sha256_rsa_3_2048/mock_dsc.key new file mode 100644 index 000000000..0d8c8c11a --- /dev/null +++ b/common/src/mock_certificates/sha256_rsa_3_2048/mock_dsc.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCf5zhESG4lHfSI +mZ7uM618iDRdDjB/2JTQFHQl8WnsjHs38u8sn7AD3y2I4X0U5U765Qmdnjzi2C1S +Is3+7LVUw9dopDNlmxopC8ecnOIBx/eQEgz8RjIirtVdOWAoCzdXdaQH6XzfPpOF +gGd8TOYYUvEllzYZ/O8k47r3nzbBeKWA+YM+KF8KK//93Y0Y8+OBfArL2qtEwEzq +4HjXdEDqRnulh2H3R5NyynYzgmThnOmZm2BeIbpfZh0u8IRxseEFu3bwuGREAtVm +xFIb8UskOj/BPX4MFIL8OQY271/MMY1gXL180yDLEiyQLhTcEO9JKbEY5AG9F/Z+ +ppF6ghp/AgEDAoIBAGqaJYLa9Bi+owW7v0l3yP2wIui0IFU7DeANosP2Rp2y/M/3 +Sh2/yq0/c7CWU2NDifyYsRO+00Hlc4wXM/9IeOMtOkXCzO5nZsYH2mholqvapQq2 +s1LZdsHJ45N7lXAHejpObVqbqJTUYlkARP2ImWWMoMO6JBFTShiX0fpqJID6CzyH +EGAEeG85jY4AYZMDn4/w6QOG1MB7JTJerr5Ch91eAORxXPeWhfYDA5jMpa0Jhf/a +IFazHI+t0RjmC1OnT2jFnrRP43/4pN8k1Cdnly5VketnmEZljIRcFzexZ09s9Kvb +QgiFlQKofolFks9SmhOjjzqjrQ27S3CZvSKWPUsCgYEAynH21IK0G64TmOgkY5un +hiXWky2a2cHv/y1e2jcLuOegHo8ApOh2bQ2J9clEhwc/1L5+TNIFln66S1na7Rfr +RAP3igzs4DPZrha32atjhVR+oq+h82X0BiSY7bAIrzafDgMIHwZCkzkZJJAvvSFA +moh7iK999VnWQnE8PuaYcikCgYEAyjQ4FittjrVCEsC4lyDG7gO8Ghj1kmIXlfHz +mIMEvDaZW7/csZtvXXQ7+wUK5VbOy9tV4woPeQknGC+8hlxLpeSbftVTrtA0MAFV +OjVyYwo7QjCAJjyIKhEV9bNclZ5vEFuLu2nILg38SjIV+4PUbaM40ZFwiM6owuSD +tuAITGcCgYEAhvakjax4EnQNEJrC7RJvrsPkYh5nO9af/3OUkXoH0JpqvwoAbfBO +815b+TDYWgTVOH7+3eFZDv8m3OaR82VHgq1PsV3zQCKRHrnP5nJCWOL/Fx/BTO6i +rsMQnnVbH3m/XqywFK7XDNC7bbV1KMDVvFr9BcpT+OaO1vYoKe8QTBsCgYEAhs16 +uXJJCc4sDIB7D2svSVfSvBCjtuwPuUv3uwIDKCRmPSqTIRJKPk19UgNcmOSJ3Tzj +7LFfpgYaEB/TBD2Hw+28/zjidIrNdVY40Xj27LF81ssAGX2wHAtj+SI9uRRKCuey +fPEwHrP9hswOp604SRd7NmD1sInF10MCeeqwMu8CgYBQDHw32spGKcd2BfCfEFQZ +EmD185epdSuqbOEnW/f4jzMNBbrdHG3b81F+Tfj7m+kUby9raIHPLORaz/cyPomJ +GXvw+qEJljAYF6TGS/ujGejuMrMUQaDIehnfqqVgkU34n5w6pW54Wm4gsIvqCR4X +KL0lNZBiuPh556du22E3iw== +-----END PRIVATE KEY----- diff --git a/common/src/mock_certificates/sha256_rsa_3_2048/mock_dsc.pem b/common/src/mock_certificates/sha256_rsa_3_2048/mock_dsc.pem new file mode 100644 index 000000000..ec79b6987 --- /dev/null 
+++ b/common/src/mock_certificates/sha256_rsa_3_2048/mock_dsc.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE3zCCAsegAwIBAgIUUQ+tRPeySv/aOXHDYlQgS8ly6jAwDQYJKoZIhvcNAQEL +BQAwejELMAkGA1UEBhMCWFgxEzARBgNVBAgMCm1vY2sgc3RhdGUxEjAQBgNVBAcM +CW1vY2sgY2l0eTEXMBUGA1UECgwObW9jayBpbnN0aXR1dGUxFTATBgNVBAsMDG1v +Y2sgc2VjdGlvbjESMBAGA1UEAwwJbW9jayBuYW1lMB4XDTI0MTIwMjEzMzcxMloX +DTM0MTEzMDEzMzcxMloweTELMAkGA1UEBhMCWFgxEjAQBgNVBAgMCW1vY2sgbmFt +ZTESMBAGA1UEBwwJbW9jayBjaXR5MRcwFQYDVQQKDA5tb2NrIGluc3RpdHV0ZTEV +MBMGA1UECwwMbW9jayBzZWN0aW9uMRIwEAYDVQQDDAltb2NrIG5hbWUwggEgMA0G +CSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCf5zhESG4lHfSImZ7uM618iDRdDjB/ +2JTQFHQl8WnsjHs38u8sn7AD3y2I4X0U5U765Qmdnjzi2C1SIs3+7LVUw9dopDNl +mxopC8ecnOIBx/eQEgz8RjIirtVdOWAoCzdXdaQH6XzfPpOFgGd8TOYYUvEllzYZ +/O8k47r3nzbBeKWA+YM+KF8KK//93Y0Y8+OBfArL2qtEwEzq4HjXdEDqRnulh2H3 +R5NyynYzgmThnOmZm2BeIbpfZh0u8IRxseEFu3bwuGREAtVmxFIb8UskOj/BPX4M +FIL8OQY271/MMY1gXL180yDLEiyQLhTcEO9JKbEY5AG9F/Z+ppF6ghp/AgEDo2Aw +XjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUXjTaRCja +/qEZtJQ69p8m326tdhAwHwYDVR0jBBgwFoAU7NcKAq7dYNmEVESrTLVr91/q2+Qw +DQYJKoZIhvcNAQELBQADggIBAFbWBNkE9Bmuv/aFWQSY1vWXQrcQxMOD5yeFslj1 +tItxhQyj3/dpPoZ87Q0B3GxPHSZlI/xOFneTxs4DBiOFHR/3HV9Q5S8G/JIRfGXx +mAuZVRqgJUaASir79SqGtMgsjxZbdY8yz0/hRaukZ9zlcsjTbZR6P59gX2yRMMTx +3zIH/q/bEwqmFhXzV11K+B9pkGyYzsaiAFMxdp4jXv/pQMo3SoWuHmTEbwaINMZe +3Ek6wsGGQdSM0XkGYhsrJhn5I8HlG4NuYx5o9Q1kvfm1b7Q9ZA1y2Hw2VDdcKe94 +lLC+RvzYLkmVHtSSHrwJbGvEGLP6Oi1QCQ3gdLs14GXHcvkHF+u+Hky90QflY+4V +kBMDCeQEHPTZ+z5KlZsVn6J84LlvjOPzfY6O5EI3sNZn/XrtaVoz0t4fUarJ8CN2 +cIlCXtLAlhwxvkvq6fXlDHODihiBrcmRBxz08o+IXvjgBYlfHWP5iDS4RO0lzId4 +2BlBoWQbo8sMYS/3Ns5RV10bqtkDb7GMl+w8o21jTQ877JMop41tG9leD6WLaCxu +JYSWvyeHGutMDlIMuw5KEE1kVxR2XXcZypc9dWHGaI6MrYwpmmvTB6oZg11FEZzm +S8w23130L6pAB1EjCC8lUQubEkgDZ0bfy4UxpkOiqctzYdakvgo+zOwpORhN/Wxp +Vnmv +-----END CERTIFICATE----- 
diff --git a/common/src/mock_certificates/sha256_rsa_65537_3072/mock_csca.crt b/common/src/mock_certificates/sha256_rsa_65537_3072/mock_csca.crt new file mode 100644 index 000000000..d516ff94a --- /dev/null +++ b/common/src/mock_certificates/sha256_rsa_65537_3072/mock_csca.crt 
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF3zCCA8egAwIBAgIUOfHKVz/bAJubdZ3DxmnISFIslYswDQYJKoZIhvcNAQEL +BQAwdzELMAkGA1UEBhMCWFgxEzARBgNVBAgMCm1vY2sgc3RhdGUxEjAQBgNVBAcM +CW1vY2sgY2l0eTEXMBUGA1UECgwObW9jayBpbnN0aXR1dGUxEjAQBgNVBAsMCW1v +Y2sgbmFtZTESMBAGA1UEAwwJbW9jayBuYW1lMB4XDTI0MTIwMjA2NDA0NVoXDTI1 +MTIwMjA2NDA0NVowdzELMAkGA1UEBhMCWFgxEzARBgNVBAgMCm1vY2sgc3RhdGUx +EjAQBgNVBAcMCW1vY2sgY2l0eTEXMBUGA1UECgwObW9jayBpbnN0aXR1dGUxEjAQ +BgNVBAsMCW1vY2sgbmFtZTESMBAGA1UEAwwJbW9jayBuYW1lMIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAtpQdDv7J8rS9qKiVD1THFJBdLP7jf1omjM0k +PTKOkVTNnXH41lGvXyUfZg19BC6mtGdz8aCQMdfUdUZYSYgrKB6h6pls7hchBKl0 +RI8fwV1NJmvG9Dub74QIZTdv9QzVWbubUjcDIV6MNLgDdqmeqVb97AW1nvEAgQ/I +jQDDXCoxq1RHPAZ9y2/myyMUYleQvdG3LffcLUi2IF5ma+a927YAMNuAOcn3YpwZ +V11lwfHHtXmE5Fbz48Aq4EL68uT6BRIGeb919rXt7GdJbjSSSZdiofymoVcjoMWx +wkPTTIbPmAfp5gciTVdVZ0wUpMWt4OtsUHOH6CDajHFSH3yxknTv5/1Y1ataniX+ +KP8ROW3IzSKbBuGixbhzzrUkCi5LZb4pG/ck5IwVQglY8tOYBKOpcm2VbKbaYMEP +KRyDggA8eqMDeUuHXCDyW4fyeJFB9XJk4z/SwhY7JPLhX8RzjFZJQVP8VYzsMU7k +5QLKd2k9b+jf49ifj9/KmCMAVWC5RdApyUd9ki/ToC8B9fQ/geX1nCJCt2PCVFBx +0h7CTLanKPR1HTgYQBt779Ft9vC4n/58t8UyN2ytFBD0xzXfPrtudz5Y86t7LbAo +qyK4RdqmZaNOMOWZRPqwA2YdSqvt0mtiw2xnWzbyeEubfnkU8LKgvKYDhI1cktY1 +6H/uHZ8CAwEAAaNjMGEwHQYDVR0OBBYEFLF5hQOs54vlLLtGBrP09D1Ojr+9MB8G +A1UdIwQYMBaAFLF5hQOs54vlLLtGBrP09D1Ojr+9MA8GA1UdEwEB/wQFMAMBAf8w +DgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBCZ1NLXxcBp8hCTzjj +ytX5ms8lh79jGli6Pr6LDrpsCyUrPaoFk608oc99YX0Qb4hRtVK55E/6UfIMvqEw +b7PI7m36CvxruMARjRozu5NB2u35Fib6LMo10KDoS9zs3IwMoQjcmO/3Ose+i+JP +VgMtz78lHrXkvNuhDi9WMRUuqSOlB6dpDtQs/kJMUvicQjj0ZpBkfEB6SGJwEIfD +FcfJ+qijUoursUGkM9jTdB6uQlIMSNZfghH6t228nXBXWHmcD++6heOdXaUd6/Nl +Pu9P+ZhSxIfwTNW/epSFyBs9GZx8KjGrddLyCrJ/FPlsGcpNEka/cV57KHEaT3wu +ufWJWKD5eMNZs8+NL2etjyq7HE+jFk6KWQBVqSsBHg//g2FJ744wKWWA/CZx6CA+ +tkqwhzMysQ5Fb3QadhQm+lpSlPLkgUqidqxInhm7xykkhUWt7K2Cy/GIoq9ML33y +9rMyYPvJXVK5epm06yt8E2bnTmInUzivxPOR3fBYAGAR0kJR2m7YMflrZoCY0oEz 
+FDwCiI+hlX89Aq32GupX7eAoQ/bT1lPZqqgBdNjsoKAC7PoICg6VXfKjcfLtfqA7 +v12JAY76oWQ7wTsNbqfsI9B81PYjsxCb51hn3rqx13E/fbj5G9261eE2jKJPTo/S +WYGdLJxtEYbjtrmiJdWpDS+moQ== +-----END CERTIFICATE----- diff --git a/common/src/mock_certificates/sha256_rsa_65537_3072/mock_csca.key b/common/src/mock_certificates/sha256_rsa_65537_3072/mock_csca.key new file mode 100644 index 000000000..80c8da136 --- /dev/null +++ b/common/src/mock_certificates/sha256_rsa_65537_3072/mock_csca.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC2lB0O/snytL2o +qJUPVMcUkF0s/uN/WiaMzSQ9Mo6RVM2dcfjWUa9fJR9mDX0ELqa0Z3PxoJAx19R1 +RlhJiCsoHqHqmWzuFyEEqXREjx/BXU0ma8b0O5vvhAhlN2/1DNVZu5tSNwMhXow0 +uAN2qZ6pVv3sBbWe8QCBD8iNAMNcKjGrVEc8Bn3Lb+bLIxRiV5C90bct99wtSLYg +XmZr5r3btgAw24A5yfdinBlXXWXB8ce1eYTkVvPjwCrgQvry5PoFEgZ5v3X2te3s +Z0luNJJJl2Kh/KahVyOgxbHCQ9NMhs+YB+nmByJNV1VnTBSkxa3g62xQc4foINqM +cVIffLGSdO/n/VjVq1qeJf4o/xE5bcjNIpsG4aLFuHPOtSQKLktlvikb9yTkjBVC +CVjy05gEo6lybZVsptpgwQ8pHIOCADx6owN5S4dcIPJbh/J4kUH1cmTjP9LCFjsk +8uFfxHOMVklBU/xVjOwxTuTlAsp3aT1v6N/j2J+P38qYIwBVYLlF0CnJR32SL9Og +LwH19D+B5fWcIkK3Y8JUUHHSHsJMtqco9HUdOBhAG3vv0W328Lif/ny3xTI3bK0U +EPTHNd8+u253Pljzq3stsCirIrhF2qZlo04w5ZlE+rADZh1Kq+3Sa2LDbGdbNvJ4 +S5t+eRTwsqC8pgOEjVyS1jXof+4dnwIDAQABAoICADIF+sA1Bte8tYoURmLg83qq +4xyE6YfnB1Dkk91AkNc4yO0uYOM3ljkXTrcDUxFmRr5+6cF2IIvHeqp3D5F2AX0I +h4xjZPkG1UEVvIlcPXMZQR4ZwXUBMAQ7xKEWw1H8pifjwvaPpAfsg7WeBTTp3FLB +Ruj3138owN6bmHMpll0WIm2ytaG4lZa7nhxiDB+1pi6b2vh5RJYTqfLMant9yN79 +yqeYPFWZBHK8GiVZrZupxvHtzX9SY5gu+pBfSaprGiVxfty0nHlv9zQiSHgtZzdK +hvei5XSnD1fpUn7LXoVFGnOpF2iy468VEo0uxykuECnj1tVkEgSDm92G3t1JqMzk +xmGYk93EPC5/jrM38W5Li8XdZZVvmuUN22T1FYIkmXu0Zh7BUn7shcMigg1XwYFG +ynIMqGyO3SDdtsnHhaIofjpiGiTTtzjGURK+WDOopbAirZSjhKd/P6hasEO9mLmg +8abNRAWmM9Qyvtfu5/bTU8SYCAeLLbnhQ9Gs509o+UxWI7agZOzIezROHr54PDen +K1Gdyh1VvMCn7rqacp7HEVPSBtadu+xzn1C+2FQ2XnK1RJOIcyveVVffxIMLqd96 +F4x+gS3pBxS8R0J1+M0fU0+FYUKcWHIED/UE6DocNuoEadecJ+7fh71ehKSEgZIN +UjwUH8VBWKuwkjBxbeeBAoIBAQDtjhRLAsp+FZr0dVpgkRpHniAmGp63mz1756QQ +YvclYllQ2wSr2VtYtWWOdP4WXt2hT4b9Xu54qGV3CWmG7f6cRTK0RTOF8KAe8T+u +CYhpf/bU+jzX5egSu04DegjhM2V5JXEM3RRDQmN6K47swm3upuWBf9UmJlxxfQYg +HZGP6vyM1Bn1Q3R6JpEPy5p6QYp5sMJ4ZgvIOOpbrdhaUCJ6IkHXWAJ3GY6SLb5Y +DVyTOW727VLw4J/Aikyq7qyoMorL2xBqF83nQZdjI+hL/hWeRnF1d4/2wKKeYZfa +aUNZJyFJ9QIR8SQe6WH3mAGgqX9zx5pLaLLP3Y014hrQRqwRAoIBAQDEwUIs3nqb +0dVYshzwNndboTeplx7sQ1hvo3N2PbEzhAwO1xXDJpP+NtzgGUeTUuoZR9RpZCe8 
+V7z5RnuS2uSJUGANBIvyeCkGJBvqol2Umwh5v9wrACQm3nSHJapLJkWio54bvYYl +bePdPB74xwAFszocX8dAg0eiHhS1tmR11ejHd/Kriiq/xSu7MsGSXKKS1bDfW73q +byWRxe98SahNSLJfK+w17HhmhYFloVfyIbTwpRw3vM0WIlkloiZprTp3USerZftc +7r2o1Y9EhGx0tmzXULnyDaMJpOqmQro2/R9DBTjbLl+XdNudJvkX+foD4HiMDOnK +TNKC37yGrJ6vAoIBABbGN0XVt6oM0jU7hvWZE6boDvb4OF0r4eIeHAmCI2WPHzb0 +OGdtSCeiBGF6790fLSpI4I0r67rfkhKucVKBQJakv66ur7jYj9FHma5Ktaw/m19h +ujGMlgotsNX+fhlw/vp1T3hHPakRFU5iHKqwHS/zCi+3HK0yokwzC0JK82iTw7CQ +qQhtdh470k5sW5v66pauDobSabDBXB579TD7W8LPw/YsNthKN/PltMjmRwjKScwc +hoYXUtl3qM/+X8kkR1Ax6UnyjEfubuAPUjbu3g21fS0g0El8wFpkytUioFVMvhFE +DvW/Y5IfF8hP52AKv/BOo4k1OWdaOy5+RcnP7LECggEBALzi22i/3O0iMLMJqwZh +A40P5KQG1ET1Ej16qSnmZ+uQ5RKKIfZLXuA6QylQm4ovm1XRw3W6FPuXL3AP3ipJ +wgShCNT2fHO2L4wZtkM2xKgZfbWEHxWY+Rvni+8Clc23XDqa4Pq4o8PjD1IgmYsz +YC4YtbzvphWk8mwMfM1F4IPPa72yxWExL4ETBLyeKX8dN2XHiBmltVkOgv7DCvpC +rDQlijgbrpTGA4BIwsSSdB+bhF1R5RkNQ8XwC605Ua86Alrxqie9q+a3u5QOEZAx +oP0a9LpwYVKjDNYBYNNkU+jeb9ijdsXUayi3ou3nsFL4RLDcGl45N2hi/+VsbUzN +AzkCggEAaXtHwt1NmzJYdGI6eFV1UXTuEC5p5XptfR14FTXSRHbYeD8+zw5GVRea +b91GgyICMIEfr3wtEGczD6WBmW/wWZ46Mdr+/dz5+/zuhsfWrMGyiMCn1PmjAQ5o +h07ZmWNWjUzHbZ0jL6174DeDwFMXOKqFdbhLj+jBp03USGNbpdKTpd1bdoZmELZs +ZgGYl+b2LUegaEcJL3C47pujy3KAxIF1AOUKkhhduV3Fjm/6irxW5wKK8llogxYz +Jh7Tf3gasGCMJTBfaiUFKvAwzqU08pMv8kAwu8LynGwGY0pYH4+6fPY/TcLVAMmT +wtNn1auuwXApjB6+wU9mSaCAZeopFw== +-----END PRIVATE KEY----- diff --git a/common/src/mock_certificates/sha256_rsa_65537_3072/mock_dsc.crt b/common/src/mock_certificates/sha256_rsa_65537_3072/mock_dsc.crt new file mode 100644 index 000000000..d58a5d632 --- /dev/null +++ b/common/src/mock_certificates/sha256_rsa_65537_3072/mock_dsc.crt 
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFXDCCA0SgAwIBAgIUMbh7OFxP8qTT3eTw/8Bgu5CnuIEwDQYJKoZIhvcNAQEL +BQAwdzELMAkGA1UEBhMCWFgxEzARBgNVBAgMCm1vY2sgc3RhdGUxEjAQBgNVBAcM +CW1vY2sgY2l0eTEXMBUGA1UECgwObW9jayBpbnN0aXR1dGUxEjAQBgNVBAsMCW1v +Y2sgbmFtZTESMBAGA1UEAwwJbW9jayBuYW1lMB4XDTI0MTIwMjA2NDI1M1oXDTI1 +MTIwMjA2NDI1M1owdzELMAkGA1UEBhMCWFgxEzARBgNVBAgMCm1vY2sgc3RhdGUx +EjAQBgNVBAcMCW1vY2sgY2l0eTEXMBUGA1UECgwObW9jayBpbnN0aXR1dGUxEjAQ +BgNVBAsMCW1vY2sgbmFtZTESMBAGA1UEAwwJbW9jayBuYW1lMIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEAsaE0EVDn9JlPOn+9fuCheDAFNxEPl5E8HQ/B +eGyjIRDm9EKVLYkHm5A+asqdOFK/70WVqqUiSMKb2HPJvfoyJXMbtWMWaUUHorsm +xyhD8MqAD/U6jUzxEZnvosJFbUCbTGW0fK6+9fj/G4kWUByrPuqfUpsVDO0ifTKV +P13b54qCyureHBxHukJ8wusmN9jCWPb917TW5iIAcSRpzrb7FSSSBOdKDSKsCH86 +f2DRzkdpw6NHpHQ6UxfvIGN5Sq3KEMgcCtoGYPXDnLOYWPxLdUkFf/NV/wtBDPE6 +5B/UjkLwHqZyXJx2oYA/IlyxTgVWoAMNDZYk3EUfrtNygs5PsW2maqtCGUtq37Hq +wDJ/Ew69iKrAmdWNp5pfdNmDlhXW9GfmA869+ODXUltgdVxIp80Z/xPp1soWqpZE +jVBRnlqyG1Zf+9uqBWlA9GfDzk0aiXthRwz34g/USN/zqtf5vNNPYsbDDAD4MrU8 +spBKbAh85swkNTzDlwChL2AHGrP9AgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD +VR0PAQH/BAQDAgeAMB0GA1UdDgQWBBREj9yGP/9mEdbehi10BRfCS0+oUjAfBgNV +HSMEGDAWgBSxeYUDrOeL5Sy7Rgaz9PQ9To6/vTANBgkqhkiG9w0BAQsFAAOCAgEA +tipJvbUbNQ7Vl7fmj+cf7cIlwXwVP3egZq0aQYYZ0EYJGjxSnlMBsb9ixdhjoU2l +Ln2DiZwgW63fjlnxEUEoTe+O7M0yC4vd77nkVP0Old6zdQRInbz/PTF0o9lOrajb +jXibjJTMH2i1VoO61SckZjtF09XDAHXvJrzEKD4Vb6lZrWoYjSgwZb3wvF3q79Sc ++rLx3TSUfCGkZuStvU1yedsuXtG2I1pS2Y2sztb2xr9Ld82CM3OWAzLmdgpL2B7n +ej3lqnD+m+mdtXTLEKbK+GD3Dt3WfrJndPmbhrvJT/Jr2Gb22u/4jYnuEN5OI48C +BPx7wXc6RAt3HOCRGPT4KP602PbciHA0GQSN48WAveYPiATulXSFXleGNGUnAcd3 +GTEsoWd1Uz+l5I2qT4fInvmBJ8QsSmpb3QL5RhuMtSkmAHORMgd7t0sV5G0HCNBx +DbXBarKNkqBWFqo1kt8S0RmSBAt4VxvKwVG2kWtQAzXEOM0gVMYTuMw1EF6HIlfW +hHDvaF5OBywEwrPjJwk60C2IXeNJ99K620MOA4WNoleJAU8qYDG82Iskw81WwncN +7R8HR2dl54iKLpqKb/a1BleWjtXxTVs2B1LeWrfmmiXu25EiZwzT5tTBFmIYO68U +6AArgamlJrPYaHoi187k9/HL1fWS7H6xyvrPQht+LBE= +-----END CERTIFICATE----- 
diff --git a/common/src/mock_certificates/sha256_rsa_65537_3072/mock_dsc.key b/common/src/mock_certificates/sha256_rsa_65537_3072/mock_dsc.key new file mode 100644 index 000000000..90cc03335 --- /dev/null +++ b/common/src/mock_certificates/sha256_rsa_65537_3072/mock_dsc.key 
@@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/AIBADANBgkqhkiG9w0BAQEFAASCBuYwggbiAgEAAoIBgQCxoTQRUOf0mU86 +f71+4KF4MAU3EQ+XkTwdD8F4bKMhEOb0QpUtiQebkD5qyp04Ur/vRZWqpSJIwpvY +c8m9+jIlcxu1YxZpRQeiuybHKEPwyoAP9TqNTPERme+iwkVtQJtMZbR8rr71+P8b +iRZQHKs+6p9SmxUM7SJ9MpU/XdvnioLK6t4cHEe6QnzC6yY32MJY9v3XtNbmIgBx +JGnOtvsVJJIE50oNIqwIfzp/YNHOR2nDo0ekdDpTF+8gY3lKrcoQyBwK2gZg9cOc +s5hY/Et1SQV/81X/C0EM8TrkH9SOQvAepnJcnHahgD8iXLFOBVagAw0NliTcRR+u +03KCzk+xbaZqq0IZS2rfserAMn8TDr2IqsCZ1Y2nml902YOWFdb0Z+YDzr344NdS +W2B1XEinzRn/E+nWyhaqlkSNUFGeWrIbVl/726oFaUD0Z8POTRqJe2FHDPfiD9RI +3/Oq1/m8009ixsMMAPgytTyykEpsCHzmzCQ1PMOXAKEvYAcas/0CAwEAAQKCAYAL +f1WxcT0yVeIM9Uu8tKl+8AzGXbJWqy3q66QoOU/tyfxI/y5Mvjvh09pWazr19FU8 +FZL0cq/faclQn14Fj/ZC+kpm2T0QH0m5PMfryC1tno3feo4Jq1tHOmGKdWys/6uN +rF+cWms93JoWnC73jIOBFQqu/B7GsWq0E9wZN+gN+qcwnzc1Npdl9PvCWholL0CV +JZeUqL3oM3c325WFrc5etflFm/rtErtz6VhN+mRaJ8EuypjOij9kNX5i6E1nigwY +eiRXa1TK1DKiuv/KOg9OkktkHdZ2MrAgPs67bcFVWfxAfZBHgQHj3zzU2wLwKVQG +x7teV91B/URZA6eMXePplDfAjn3g3IwmJFtlW7cBh6rn1G+kaT3EsnvQIXVVpUOn +D5g6YGm+G8WGiyLrOLTPhan141Yqqw2zXaMIEfU5A4Esp4cEEvvgVMp8HsMF6RzY +58qySVKGuvou5u25WcESOjrLajtUzJmB9lVNxaJG7qYKGrPGBJUTsChbl/CrHfkC +gcEA7WsKaTetq+ZgSBhPJh12qKxMGdSvEXJjpq1R3HUR/rD1voZBr2IRbz874m0Y +x8GiQCst/sufrtniAz5aGzRGrIyFo+oKAOUm06g1MXgaL+B3Pr1tdlA86sREeNMY +dBKXGbO1BMrLWuLCcJUTUy7nrYj0ihdMegG4v5xskfieE8xdWbMALqJnsg3OGgwI ++dgX/l+Ay3io8scFLpRJ8PAddRcQa+MTPR/EYvxQ8k5IG9Qo8heNCEAMu3Q+ifFW +F2KHAoHBAL+IOrHyt+2bjOpLO118Xrf/N0MLEGpzMAVoyOj6+mCKCTFOXvXPfl57 +Y1HPBRTpxf1eUdY66fgJ8CpQoDA8PHflg3XfXgiP91zBE7gPdsvYbqHVsym+ZQTB +zCG6DI9UKMgKiID33ul1O3x4HyBEytDWlX3XEwrgPiYoaLdUfDP4xnGxou8E4RWj +8FLcNDYX5/0hNixmg8wSE+hhWc6yfJFnNol5q0ezzS80MpghLSB5ESohOdU36SwZ +mVZbfBViWwKBwCVXpLeP7l0PSy2LxUc1cyhskTuu3CpeV5YrxKhsMXxh0QU6kLJJ +NnzM8VpX1oH0ztRQ9lcRJ/iUhJwF/p4wxrz1DUAO26vwXv8DgfpZ7aSCJb9UhBcL +38j9PdfTPBFlqyZ7wYkTbJDLAdI7YGLBCeedlvjxWTIHe0uICvuaoyJyDmzBXtH2 +8WBsE3K9WdwSRRPZaaSXQduNuh7tbAPdgISeMBMIEEqY6Ia5MPIrpePapuYNFj2p 
+9Va2ne+MagIbmQKBwG+Yh2JxYnteG4/Tv8YrleCtIly80JbFgKBWOmGNAl9Hbi29 +VRTyDdYtHGRpM7PIteR3lUU2VGaCG9371inknvLY1mzSda6Ve3IeyUeAMx54f5Vp +txdGaQOJi0/HYFQOnChaAsjqI4ZxGPTf5HrfujBOJxIIQ38dwvhmqQTQhAGgHLfX +4XBUrnT2bStKRF2UNkZFmJPsMzSu/8xxFGubkXsC4ULekk6X06CCUExVYD7Aa6DZ +dSHnjsN0MuSfL0AiawKBwDsqipLJ9EfPtZ5IU41REE6B1tQ9K7ZZ/7aBce/QLu9Z +052HC8jVjHzzN+Yb7MEqhtw80fosohG8iwx0rsDsWM5Sw0trYQEGlzA7jShklAah +JrmE2+TUuM/M3rYb+Kg1vnH/J6MAOqewcwOi9RKHwH8RqotxcBw2z6YOFJ1vwxDN +i8lO2nber6ig+TQwct6w2JlQW1ilYKr/NPDZdQmyUcz9fN58vrQekNjcRtw6zJAz +CTJ1BhLIZ0tfiN7Hxx98jQ== +-----END PRIVATE KEY----- diff --git a/common/src/utils/certificates/handleCertificate.ts b/common/src/utils/certificates/handleCertificate.ts index e592a059e..8d4b8b3e2 100644 --- a/common/src/utils/certificates/handleCertificate.ts +++ b/common/src/utils/certificates/handleCertificate.ts 
@@ -63,18 +63,18 @@ export const getCircuitName = (circuitMode: Mode, signatureAlgorithm: string, ha export function getSignatureAlgorithmDetails(oid: string): { signatureAlgorithm: string, hashFunction: string } { const details = { - '1.2.840.113549.1.1.5': { signatureAlgorithm: 'rsa', hashFunction: 'sha1' }, - '1.2.840.113549.1.1.11': { signatureAlgorithm: 'rsa', hashFunction: 'sha256' }, - '1.2.840.113549.1.1.12': { signatureAlgorithm: 'rsa', hashFunction: 'sha384' }, - '1.2.840.113549.1.1.13': { signatureAlgorithm: 'rsa', hashFunction: 'sha512' }, + '1.2.840.113549.1.1.5': { signatureAlgorithm: 'rsa', hashFunction: 'sha1', domainParameter: '65537', keyLength: '2048' }, + '1.2.840.113549.1.1.11': { signatureAlgorithm: 'rsa', hashFunction: 'sha256', domainParameter: '65537', keyLength: '2048' }, + '1.2.840.113549.1.1.12': { signatureAlgorithm: 'rsa', hashFunction: 'sha384', domainParameter: '65537', keyLength: '2048' }, + '1.2.840.113549.1.1.13': { signatureAlgorithm: 'rsa', hashFunction: 'sha512', domainParameter: '65537', keyLength: '2048' }, // rsapss - '1.2.840.113549.1.1.10': { signatureAlgorithm: 'rsapss', hashFunction: 'sha256' }, // TODO: detect which hash function is used (not always sha256) + '1.2.840.113549.1.1.10': { signatureAlgorithm: 'rsapss', hashFunction: 'sha256', domainParameter: '65537', keyLength: '2048' }, // TODO: detect which hash function is used (not always sha256) // ecdsa - '1.2.840.10045.4.1': { signatureAlgorithm: 'ecdsa', hashFunction: 'sha1' }, - '1.2.840.10045.4.3.1': { signatureAlgorithm: 'ecdsa', hashFunction: 'sha224' }, - '1.2.840.10045.4.3.2': { signatureAlgorithm: 'ecdsa', hashFunction: 'sha256' }, - '1.2.840.10045.4.3.3': { signatureAlgorithm: 'ecdsa', hashFunction: 'sha384' }, - '1.2.840.10045.4.3.4': { signatureAlgorithm: 'ecdsa', hashFunction: 'sha512' }, + '1.2.840.10045.4.1': { signatureAlgorithm: 'ecdsa', hashFunction: 'sha1', domainParameter: 'secp256r1', keyLength: '256' }, + '1.2.840.10045.4.3.1': { 
signatureAlgorithm: 'ecdsa', hashFunction: 'sha224', domainParameter: 'secp256r1', keyLength: '256' }, + '1.2.840.10045.4.3.2': { signatureAlgorithm: 'ecdsa', hashFunction: 'sha256', domainParameter: 'secp256r1', keyLength: '256' }, + '1.2.840.10045.4.3.3': { signatureAlgorithm: 'ecdsa', hashFunction: 'sha384', domainParameter: 'secp384r1', keyLength: '384' }, + '1.2.840.10045.4.3.4': { signatureAlgorithm: 'ecdsa', hashFunction: 'sha512', domainParameter: 'secp521r1', keyLength: '521' }, }; return details[oid] || { signatureAlgorithm: `Unknown (${oid})`, hashFunction: 'Unknown' }; } diff --git a/common/src/utils/genMockPassportData.ts b/common/src/utils/genMockPassportData.ts index 0648c530e..582e7528f 100644 --- a/common/src/utils/genMockPassportData.ts +++ b/common/src/utils/genMockPassportData.ts @@ -25,6 +25,10 @@ import { mock_dsc_sha384_ecdsa, mock_dsc_key_sha256_brainpoolP256r1, mock_dsc_sha256_brainpoolP256r1, + mock_dsc_key_sha256_rsa_3_2048, + mock_dsc_sha256_rsa_3_2048, + mock_dsc_key_sha256_rsa_65537_3072, + mock_dsc_sha256_rsa_65537_3072, } from '../constants/mockCertificates'; import { sampleDataHashes_small, sampleDataHashes_large } from '../constants/sampleDataHashes'; import { countryCodes } from '../constants/constants'; @@ -112,6 +116,16 @@ export function genMockPassportData( privateKeyPem = mock_dsc_key_sha256_brainpoolP256r1; dsc = mock_dsc_sha256_brainpoolP256r1; break; + case 'rsa_sha256_3_2048': + sampleDataHashes = sampleDataHashes_large; + privateKeyPem = mock_dsc_key_sha256_rsa_3_2048; + dsc = mock_dsc_sha256_rsa_3_2048; + break; + case 'rsa_sha256_65537_3072': + sampleDataHashes = sampleDataHashes_large; + privateKeyPem = mock_dsc_key_sha256_rsa_65537_3072; + dsc = mock_dsc_sha256_rsa_65537_3072; + break; } const { hashFunction, hashLen } = parseCertificate(dsc); diff --git a/common/src/utils/generateInputs.ts b/common/src/utils/generateInputs.ts index 47502cc0b..b961e3fa1 100644 --- a/common/src/utils/generateInputs.ts 
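Review bot: The `domainParameter` and `keyLength` values added to the table in `getSignatureAlgorithmDetails` cannot be derived from a signature-algorithm OID. `1.2.840.113549.1.1.11` is sha256WithRSAEncryption for every exponent and modulus size, including the exponent-3 and 3072-bit certificates this same commit adds, so a caller that trusts these fields would get `65537`/`2048` for them. The ECDSA rows have the same problem, since the OID fixes the hash but not the curve. The declared return type still lists only `signatureAlgorithm` and `hashFunction`, and the fallback for an unknown OID omits the new fields, so the type checker will not catch a caller reading them. I would keep the table to `{ signatureAlgorithm, hashFunction }` and read exponent, curve and key size from the certificate's public key, or at minimum mark the rows with `// default only: the OID does not encode exponent, curve or key size`.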
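Review bot: The switch in `genMockPassportData` closes right after the two new cases with no `default` arm in view, so a signature type without a fixture appears to leave `privateKeyPem` and `dsc` unset. The failure would then surface later, inside `parseCertificate(dsc)`, rather than at the point of the mistake. The start of the switch and the declarations of both variables are outside the hunk, so this holds only if they are not initialised above. If so, I would end the switch with `default: throw new Error('genMockPassportData: no mock certificate for this signature type');`. As a smaller point, the case labels are ordered `rsa_sha256_…` while the fixtures they select are named `…_sha256_rsa_…`; one order across both would make a mismatched pairing easier to spot.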
+++ b/common/src/utils/generateInputs.ts @@ -176,7 +176,7 @@ export function generateCircuitInputsProve( let pubKey: any; let signature: any; - const { n, k } = getNAndK(signatureAlgorithm); + const { n, k } = getNAndK(`${signatureAlgorithm}_${hashFunction}_${curve || exponent}_${bits}`); if (signatureAlgorithm === 'ecdsa') { const { r, s } = extractRSFromSignature(encryptedDigest); @@ -187,7 +187,6 @@ export function generateCircuitInputsProve( const dsc_modulus_y = splitToWords(BigInt(hexToDecimal(y)), n, k) pubKey = [...dsc_modulus_x, ...dsc_modulus_y] } else { - signature = splitToWords( BigInt(bytesToBigDecimal(encryptedDigest)), n, @@ -221,6 +220,7 @@ export function generateCircuitInputsProve( new Uint8Array(eContent), MAX_PADDED_ECONTENT_LEN[signatureAlgorithmFullName] ); + const [signedAttrPadded, signedAttrPaddedLen] = shaPad( new Uint8Array(signedAttr), MAX_PADDED_SIGNED_ATTR_LEN[signatureAlgorithmFullName] diff --git a/common/src/utils/utils.ts b/common/src/utils/utils.ts index 99c1b5103..43b34980a 100644 --- a/common/src/utils/utils.ts +++ b/common/src/utils/utils.ts @@ -4,8 +4,9 @@ import { sha1 } from 'js-sha1'; import { sha384, sha512_256 } from 'js-sha512'; import { SMT } from '@openpassport/zk-kit-smt'; import forge from 'node-forge'; -import { n_dsc, k_dsc, n_dsc_ecdsa, k_dsc_ecdsa, n_csca, k_csca, attributeToPosition } from '../constants/constants'; +import { n_dsc, k_dsc, k_dsc_3072, n_dsc_ecdsa, k_dsc_ecdsa, n_csca, k_csca, attributeToPosition } from '../constants/constants'; import { unpackReveal } from './revealBitmap'; +import { SignatureAlgorithm } from './types'; export function formatMrz(mrz: string) { const mrzCharcodes = [...mrz].map((char) => char.charCodeAt(0)); 
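Review bot: The name passed to `getNAndK` in `generateCircuitInputsProve` is assembled inline from four certificate-derived fields and is never checked against the supported set. `curve || exponent` also fills the third slot with whichever value happens to be truthy. `getNAndK` as changed in this commit returns the 2048-bit RSA layout for any string it does not recognise, so a certificate with an unexpected exponent or key size would be split into the wrong number of words without an error. Further down, this function indexes the padding limits by `signatureAlgorithmFullName`. If that variable holds the same composed name and is defined before this line (its definition is outside the hunk), reuse it with `const { n, k } = getNAndK(signatureAlgorithmFullName);` so the two lookups cannot drift apart.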
@@ -18,11 +19,22 @@ export function formatMrz(mrz: string) { return mrzCharcodes; } -export function getNAndK(sigAlg: 'rsa' | 'ecdsa' | 'rsapss') { - const n = sigAlg === 'ecdsa' ? n_dsc_ecdsa : n_dsc; - const k = sigAlg === 'ecdsa' ? k_dsc_ecdsa : k_dsc; - return { n, k }; +export function getNAndK(sigAlg: SignatureAlgorithm) { + if (sigAlg === 'rsa_sha256_65537_3072') { + return { n: n_dsc, k: k_dsc_3072 }; // 3072/32 = 96 + } + + if (sigAlg.startsWith('ecdsa_')) { + return { n: n_dsc_ecdsa, k: k_dsc_ecdsa }; // 256/32 = 8 + } + + if (sigAlg.startsWith('rsapss_')) { + return { n: n_dsc, k: k_dsc }; // 2048/32 = 64 + } + + return { n: n_dsc, k: k_dsc }; // 2048/32 = 64 } + export function getNAndKCSCA(sigAlg: 'rsa' | 'ecdsa' | 'rsapss') { const n = sigAlg === 'ecdsa' ? n_dsc_ecdsa : n_csca; const k = sigAlg === 'ecdsa' ? k_dsc_ecdsa : k_csca;
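Review bot: The final `return { n: n_dsc, k: k_dsc }` in `getNAndK` makes every name not matched above fall back to the 2048-bit RSA layout, so an unsupported key size or a misspelt name is split into the wrong number of words instead of being rejected. The `rsapss_` branch returns the same value and adds nothing. Assuming the 2048-bit names all end in `_2048`, as the test matrix in this commit suggests, I would replace both with `if (sigAlg.endsWith('_2048')) return { n: n_dsc, k: k_dsc };` followed by `throw new Error('getNAndK: unsupported signature algorithm ' + sigAlg);`. The trailing comments also disagree with the constants in constants.ts: with `n_dsc = 64`, `k_dsc = 32` and `k_dsc_3072 = 48` they should read `// 64 bits * 48 words = 3072` and `// 64 bits * 32 words = 2048`, and the ECDSA one assumes 32-bit words although `n_dsc_ecdsa` is 43. Callers outside this diff that still pass the bare `'rsa'`, `'ecdsa'` or `'rsapss'` names would need updating either way.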