FEAT: added support to load X.509 encoded private RSA keys

Oldes · Oldes · commit 8c051b110158 · 2022-02-14T14:45:17.000+01:00
diff --git a/src/mezz/codec-ssh-key.reb b/src/mezz/codec-ssh-key.reb
@@ -23,9 +23,37 @@ wrap [
 				return rsa-init n e
 			]
 		]
-		print ["Not RSA key! (" v ")"]
+		sys/log/error 'REBOL ["Not RSA key! (" v ")"]
 		none
 	]
+	init-rsa-public-key: function [data [block!]][
+		parse data [
+			'SEQUENCE into [
+				'INTEGER set n:   binary! ;modulus        
+				'INTEGER set e:   binary! ;publicExponent 
+			]
+		]
+		rsa-init n e
+	]
+	init-rsa-private-key: function [data [block!]][
+		parse data [
+			'SEQUENCE into [
+				'INTEGER set v:   binary! ;version
+				'INTEGER set n:   binary! ;modulus
+				'INTEGER set e:   binary! ;publicExponent
+				'INTEGER set d:   binary! ;privateExponent
+				'INTEGER set p:   binary! ;prime1
+				'INTEGER set q:   binary! ;prime2
+				;- dp, dq and qp are computed when initialized, so not used here 
+				;'INTEGER set dp:  binary! ;exponent1       d mod (p-1)
+				;'INTEGER set dq:  binary! ;exponent2       d mod (q-1)
+				;'INTEGER set qp:  binary! ;coefficient     (inverse of q) mod p
+				to end
+			]
+			to end
+		]
+		rsa-init/private n e d p q
+	]
 
 	register-codec [
 		name: 'ssh-key
@@ -52,22 +80,21 @@ wrap [
 				][	init-from-ssh2-key key ]
 			]
 			if "4,ENCRYPTED" = select pkix/header "Proc-Type" [
-				print "ENCRYPTED key!"
+				sysl/log/info 'REBOL "ENCRYPTED key!"
 				try/except [
 					dek-info: select pkix/header "DEK-Info"
-					;probe dek-info
+					sysl/log/info 'REBOL ["Using:" dek-info]
 					parse dek-info [
 						"AES-128-CBC" #"," copy iv to end
 					]
 					iv: debase iv 16
 					unless p [p: ask/hide "Pasword: "]
-					p: checksum
-						join to binary! p copy/part iv 8
-						'md5
+					p: checksum (join to binary! p copy/part iv 8) 'md5
 					d: aes/key/decrypt p iv
 					pkix/binary: aes/stream d pkix/binary
 				][	return none ]
 			]
+			sys/log/info 'REBOL ["Trying to resolve:" pkix/label]
 
 			switch pkix/label [
 				"SSH2 PUBLIC KEY" [
@@ -78,66 +105,43 @@ wrap [
 			try/except [
 				data: codecs/der/decode pkix/binary
 			][
-				print "Failed to decode DER day for RSA key!"
-				probe system/state/last-error
+				sys/log/error 'REBOL "Failed to decode DER day for RSA key!"
+				sys/log/error 'REBOL system/state/last-error
 				return none
 			]
 			
 			switch pkix/label [
-				"PUBLIC KEY" [
-					; resolve RSA public data from the DER structure (PKCS#1)
-					all [
+				"PUBLIC KEY"
+				"PRIVATE KEY" [
+					; resolve key data from the DER structure (PKCS#1)
+					return attempt [
 						parse data [
 							'SEQUENCE into [
-								'SEQUENCE   set v:    block!  ; AlgorithmIdentifier 
-								'BIT_STRING set data: binary! ; PublicKey
+								opt ['INTEGER binary!]
+								'SEQUENCE into [
+									'OBJECT_IDENTIFIER set oid: binary! ; AlgorithmIdentifier 
+									to end ;'NULL binary!
+								]
+								['BIT_STRING | 'OCTET_STRING] set data: binary! ; PublicKey
 								(
 									data: codecs/der/decode data
 								)
 							]
 						]
-						v/OBJECT_IDENTIFIER = #{2A864886F70D010101} ;= rsaEncryption
-						parse data [
-							'SEQUENCE into [
-								'INTEGER set n:   binary! ;modulus        
-								'INTEGER set e:   binary! ;publicExponent 
+						switch/default oid [
+							#{2A864886F70D010101} [ ;= rsaEncryption
+								return either pkix/label = "PUBLIC KEY" [
+									init-rsa-public-key  data
+								][  init-rsa-private-key data ]
 							]
+						][
+							sys/log/error 'REBOL ["Unknown key type:" codecs/der/decode-OID oid]
+							none
 						]
 					]
-					; resolve RSA handle from parsed data
-					return rsa-init n e
-				]
-				"RSA PUBLIC KEY" [
-					; resolve RSA public data from the DER structure (PKCS#1)
-					parse data [
-						'SEQUENCE into [
-							'INTEGER set n:   binary! ;modulus        
-							'INTEGER set e:   binary! ;publicExponent 
-						]
-					]
-					; resolve RSA handle from parsed data
-					return rsa-init n e
-				]
-				"RSA PRIVATE KEY" [
-					; resolve RSA private data from the DER structure (PKCS#1)
-					parse data [
-						'SEQUENCE into [
-							'INTEGER set v:   binary! ;version
-							'INTEGER set n:   binary! ;modulus        
-							'INTEGER set e:   binary! ;publicExponent 
-							'INTEGER set d:   binary! ;privateExponent
-							'INTEGER set p:   binary! ;prime1         
-							'INTEGER set q:   binary! ;prime2         
-							'INTEGER set dp:  binary! ;exponent1       d mod (p-1)
-							'INTEGER set dq:  binary! ;exponent2       d mod (q-1)
-							'INTEGER set inv: binary! ;coefficient     (inverse of q) mod p
-							to end
-						]
-						to end
-					]
-					; resolve RSA handle from parsed data
-					return rsa-init/private n e d p q dp dq inv
 				]
+				"RSA PUBLIC KEY"  [ return init-rsa-public-key  data ]
+				"RSA PRIVATE KEY" [ return init-rsa-private-key data ]
 			]
 			none ; no success!
 		]
diff --git a/src/tests/units/files/MyCertificate.crt b/src/tests/units/files/MyCertificate.crt
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFQzCCAyugAwIBAgIJAMs479eTDagfMA0GCSqGSIb3DQEBCwUAMDgxDzANBgNV
+BAoMBlJlYm9sMzERMA8GA1UECwwIVGVzdENlcnQxEjAQBgNVBAMMCWxvY2FsaG9z
+dDAeFw0yMjAyMTQwOTQ2MzVaFw0yMzAyMTQwOTQ2MzVaMDgxDzANBgNVBAoMBlJl
+Ym9sMzERMA8GA1UECwwIVGVzdENlcnQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKZNLMJO1Tb8xXNktj32QU+WH3Cn
+iaJQ7kER3Ez61uEAApD5ufU3eE2CYg27ul7aXocA9bFrl8M3IBSvCI58fnIiaz73
+1erQQRHirWjvK4GFwiE1Jj6pUxON49ghbq+UMvLQ1IMDqsGjKjw9KL+u4615EEAd
+eIigrNPVKLevo6tXdkdAAJ+nSKz8uNwHgW2iazNoh9C5T2cEdZ7e4Q4BsX7oMcZR
+Xb8MZQvFmYQgtL/AHg9SuuJagTIkZ9To5XOMROjSbRCyQnd55X6ckW3hrROotEf1
+vp69ik1vlBsNVibttk+6dOHl9IZd18D++qrKUYxRKZUr3/xmn8oavvYcWX+Sohgc
+djIkT5pASWzteVg6AcFyEbDhj08cef4QyLyBueG0ucY6eTTliknbjKssPpX6I9S4
+G+YQwds1fdOWYiCuXvsBqMakMagyoua+3OZRwnZYEljS4TomdlHYi+XeM7rckIxk
+m+IWz4sHX/APmh3mXq5EBXzhyJKC0qNTY8++TKax+QiD1q9IeNp1WxpiAlTT7aDz
+Pt3//GtHQ/BghVPFHHRGumI+I/D3jQt5M6lp6VpJYz39evcUgP8VAsrUzD8gTiTb
++5Bu2DvZyOAdhGhI4p89DXwXkTtK7Na1N2/FN1zEGOEMd+xgeVc3aqQmx8JCGq69
+QTWvn3MY2IVDPAChAgMBAAGjUDBOMB0GA1UdDgQWBBQlFfh6orfcbhSfclJCrfhk
+bLxuZjAfBgNVHSMEGDAWgBQlFfh6orfcbhSfclJCrfhkbLxuZjAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAyEZbultlpt7o9HuMe/iL9xfZr2c3Pizbc
+iHuUAB6NZFAsW680uNXIU7V6i7roPPynPE5Wi1nx3Jlzlw7a/ee+8lBLrLEXWJDV
+2VjLbfZvstKtsvp2BPibvak2PXjT8EGr9HhtTurzKTZW4ULjvaf6UzgBTIdJrDsR
+e0zKDS3z3AB2hLUq3yV0I6XZK/I8nVFWXJhXgI3OFeTyOWDDsd4Odfbc9ISXtZeU
+RHOpcTkQ65FUuAkvBZKtlPSLgQR1qwEDspGm6YpPzUFdKdNIRh8svv5ny6FxfLwF
+82ib9L13YWB1gHpvxjrHR3ydcS/7LZQPcDdWlpbIzS4NBsqa1EgxMvsOzbuEDMXS
+IFBT+JY6NzASs9YK9lsx9T05oSl/yvF19OF7gMsEdct/zxits9arC0m3+zvykM8k
+RoxRE4asFIaUVE+y54N9hZqNrU43g2++Ln9/L27fL20XeBqDMJ5DKmVoVZr6ALTn
+EhH6AbQoQSJc3upwSv2N6tDfRsC/bqv3cuH3Z/LuuePW3eRiYpBIugrCGyYbR8Ip
+7gb4xCA1wll13LfMWVBJ01dtkABrEFye2/1iPt4UUQJ8VAJ329l0obLbTdVRDXYa
+Q1aOe2F1jlqGPbhu1it27ep1rsZzQC0ZUZr4jkSr0aRVbSJAOStnTOlOhloiCnGj
+rvs7V8Ow9Q==
+-----END CERTIFICATE-----
diff --git a/src/tests/units/files/MyKey.key b/src/tests/units/files/MyKey.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQCmTSzCTtU2/MVz
+ZLY99kFPlh9wp4miUO5BEdxM+tbhAAKQ+bn1N3hNgmINu7pe2l6HAPWxa5fDNyAU
+rwiOfH5yIms+99Xq0EER4q1o7yuBhcIhNSY+qVMTjePYIW6vlDLy0NSDA6rBoyo8
+PSi/ruOteRBAHXiIoKzT1Si3r6OrV3ZHQACfp0is/LjcB4FtomszaIfQuU9nBHWe
+3uEOAbF+6DHGUV2/DGULxZmEILS/wB4PUrriWoEyJGfU6OVzjETo0m0QskJ3eeV+
+nJFt4a0TqLRH9b6evYpNb5QbDVYm7bZPunTh5fSGXdfA/vqqylGMUSmVK9/8Zp/K
+Gr72HFl/kqIYHHYyJE+aQEls7XlYOgHBchGw4Y9PHHn+EMi8gbnhtLnGOnk05YpJ
+24yrLD6V+iPUuBvmEMHbNX3TlmIgrl77AajGpDGoMqLmvtzmUcJ2WBJY0uE6JnZR
+2Ivl3jO63JCMZJviFs+LB1/wD5od5l6uRAV84ciSgtKjU2PPvkymsfkIg9avSHja
+dVsaYgJU0+2g8z7d//xrR0PwYIVTxRx0RrpiPiPw940LeTOpaelaSWM9/Xr3FID/
+FQLK1Mw/IE4k2/uQbtg72cjgHYRoSOKfPQ18F5E7SuzWtTdvxTdcxBjhDHfsYHlX
+N2qkJsfCQhquvUE1r59zGNiFQzwAoQIDAQABAoICAQCI8orGZIbepl+vfCM7eVwl
+PvobGkyUN1NMkHm7huGHHiv+2TeSwSA3rAQ1TP/X9rnbMSYi+fhbET1A6zb/p3O1
+Z7SrgQpPOToskV++Rx6rpcvM7ujUtzmro7AansV4n3EpVmF6ln16wnQYcUDqQQpL
+I6QHOH22/aH1O9cxFNmSUw8a85DP6MFHe0J8J04lS5g+GHmnn8LMkfaOYvowP6K8
+YFgE+aJansljXVDjZs+SDJJ0ietOVbuI4EQFJ9k0QzHIDOk106Y6n04m6qY0N6EA
+zG/RxoQ4UtvekuEDOgNVQXJdy61PDcBFGmh/DTq9hKiNBZVZu2zTfGtf0pCpOYVU
+3kW0v1zW+gMckRBbPEmVnkWQCt6Xfhmdme/Fk1GyJ8xZGcDcwkxSdn0M0bL1c5Aw
+vKqjWIas0RfyJHOtCkB2EYYPwNE1HVbpWMpW6AWVLElrYUkz4pGYDA8x8kmxo4Ge
+qnqyNk6ShIf2kI3ilBJ3fZPWsr+fko2LSAYbVF+jLx+vDzaWFzHGgFBLZhtsYjOQ
+1xvU7k0HjZ6P0/Pxp8pASqpFkXePJshgnsVoDsJKY84Ui90EzyPiYXIX8FT7zHTw
+G7mHVHz3Xz10cM+fPDDltPq+GJfYUjTcrmpNwoDBnhGx5zQGbXh1eLJzxeBoHJgP
+Hk+Bx7h52zS2bt9afZcqMQKCAQEAzwR+BrnxD2tFa9RJuCvxq+TS58VvkgkubQqx
+Eot1XYKm7WxoYkhyk03JE/pvnlP43DLuVdmJpLw1aUSMQ3P4+Re/pmzEz4bD8mFC
+JgUWJ7aqtAgW3fGOLpLxxjD2zQTwjKK5h1fhxW2OxNSIHUc0lNovoaM2uZbPwBTr
+YT1vQXsRs1CQmWcCwf0MVvGlo+B60opG378LzQGtQBjnURnMf06zhs825D6GplvN
+btJPMxIGOOH9CbQQdj67ODfhdbL32n/VZbnU52902aUTVkgxUuK9xWwDnP0AGWUK
+Er5Ij99vQpA4Ym7/PJ73CTYDoucmNwzg5/6qkoid/DA8pqs9FQKCAQEAzaZrfojg
+S/LqLolLu7pswWmn5M4NtTzN/DEVQwELC09nHEbcYWA0Trzr37sRgrRhWs/mTDO3
+YQSypVoXcGO61hG2/GEpvCJcqk2DNfkByUbPfACh4VRHFzjsco3qvXlAmrBjR3CJ
+2Dt/GLDa5SfisQyisPuUzrtquVyF9jSqk62VPyR01WPeb4V/VmK6O0KjYZi5ofNQ
+zclexaXRK1S9jDtkaibF1HXDAUdygw/UnTZbdbVxX25rJiW4yqT94obzCPynXiO8
+S+Ev27lWX3An9nKyJ4c02xMOyKqyOVYwQn2pgkicDveCM+GtrEMkXoRdYVlKhMbA
+IMqH4+v7Cr+QXQKCAQBAcUSN8XoB88GjhG0CYOOVP+ELdyF5E1SZaxeeDz2Uw2QV
+Sobf+W95PWCX0IDIh5lTaqNYpCQ93Ly/rTAAm2xoliT5uKg3ddsva2k9Dp5L9IgF
+DPOZWWWKSAHtUTaysZP0I3+fixLj82vbB9HrU0wh/h2PspAJi9HWGG0BUy978cSb
+zjuFFVT9cDlUI1sNvYZeXd8cLYuN4LS+3EG9tEs9YhFuqLiMqo4d4Tv9AIjY/AZl
+1KuBRsVNGdAL+xE7I2AWa27RgNyuwrpcOg/f7w8znxO2Dh690uAiB5rwJL3P05z9
+2olC0wyvIUkDXAYbwtrZji/A6DzO6qpLY/StaWbVAoIBAQC/lGKdvWuetUyeT78i
+wthgEkqbZ63zghKu9xbElesw/SakfAsAF/yCwZLHmWEFr37md7kmkiMqmZLHYbdm
+NzIuDNC4KtgTcLt817r9g9y7ImFWNsyXusiDhL8ZNMZS/utFcD78pYV00HBlkxRI
+2LBhmdDSKX0GXihdSClwJL4n11SrPw4sYN4ubGIlGtI9NKY53GpKyf4jx42neQL0
+Z/ww8H9qOHahp5cj0OiH2i6KysHHVWGpspbVMd0Fw1DVQDyWybAtjgLzeXP5MJ6b
+SEOiXlVDZ7zAve9O114y9ez9dE1+lp/zfXZpWLtPODlgZ9UKRIGcUf9YTPTtSsBS
+0gTtAoIBAQCbfGkosguBoMq/GyWlaT7PJLsl9voS7MamUHeod/0vfwO+rxtN9zJL
+5i93zerhlFVEGXJtkLe88c3VqaKbjWqcLZMO3pQZ+iP967N43P9HkhgWH6fNSFM5
+lSEH2juK6drx9MrjRK78gcGc1Y1ryPpqkqCa/C61bpMH+cfNFBfwxg/iVcYEfg7i
+XnDbEw/xNEq9f5XY9dZJlb9MTlDgB+1z2zakQqVC4GZzRqYpazw6txXdPeyISthb
+QP2QBBpTNkzUWLFzZJ5EMRjGDz+l1rx0WUfaWMbkU7n0hF3NVAmXNS/fhmdszYXW
+16AeXFDJSx8U70+5T6rF9x2ZL1DYXwQd
+-----END PRIVATE KEY-----
diff --git a/src/tests/units/rsa-test.r3 b/src/tests/units/rsa-test.r3
@@ -44,28 +44,29 @@ Rebol [
 		55E38967EDFCD1848A8BE89E2CE12A9A3D5554BBF13CC583190876B79C45ECEC
 		67ED6461DFECD6A0DBC6D9031207C0213006F4B527003BA7E2F21C6FAC9E9719
 		}
-		dp: #{
-		1B8B0F5E473A61AF72F28256F7F20B8F8C6EA69BB49738BF1FB553912F318F94
-		9D5F7728134A22998C31222D9E99302E7B450E6B97698051B2049E1CF2D43654
-		5E34D9746E80A0D33FC6A4621168E6D000EFB41EFCD9ADB9865CDC2DE6DC8DB8
-		1B61AF479B120F153200DDB3ABC2DF9FD1149ACEAB63739BF187A22A44E2063D
-		}
-		dq: #{
-		B3D9401FD7E0801B28151F0E69CD91FC4DA0C36F36AD3DA418E021BC89651131
-		3579FAC0EA1B9452F31F05C3299FC96A796EAFCF39D8639492405EE931D0BF6A
-		02379C6F086E9D4151BD09522ADA44DA947CB85C41BFDDF461780E1EDEEF859B
-		46CA1B4689EE8D360DD7109A3FA4CEEB58EF5AB5FE2F5F2DC57C38F7843F7209
-		}
-		qi: #{
-		1B233FA7A26B5F24A2CF5B6816029B595F89748DE3438CA9BBDADB316C77AD02
-		417E6B7416863381421911514470EAB07A644DF35CE80C069AF819342963460E
-		3247643743985856DC037B948FA9BB193F987646275D6BC7247C3B9E572D27B7
-		48F9917CAC1923AC94DB8671BD0285608B5D95D50A1B33BA21AEB34CA8405515
-		}
+		;- dp, dq and qp are computed when initialized, so not used here
+		;dp: #{
+		;1B8B0F5E473A61AF72F28256F7F20B8F8C6EA69BB49738BF1FB553912F318F94
+		;9D5F7728134A22998C31222D9E99302E7B450E6B97698051B2049E1CF2D43654
+		;5E34D9746E80A0D33FC6A4621168E6D000EFB41EFCD9ADB9865CDC2DE6DC8DB8
+		;1B61AF479B120F153200DDB3ABC2DF9FD1149ACEAB63739BF187A22A44E2063D
+		;}
+		;dq: #{
+		;B3D9401FD7E0801B28151F0E69CD91FC4DA0C36F36AD3DA418E021BC89651131
+		;3579FAC0EA1B9452F31F05C3299FC96A796EAFCF39D8639492405EE931D0BF6A
+		;02379C6F086E9D4151BD09522ADA44DA947CB85C41BFDDF461780E1EDEEF859B
+		;46CA1B4689EE8D360DD7109A3FA4CEEB58EF5AB5FE2F5F2DC57C38F7843F7209
+		;}
+		;qp: #{
+		;1B233FA7A26B5F24A2CF5B6816029B595F89748DE3438CA9BBDADB316C77AD02
+		;417E6B7416863381421911514470EAB07A644DF35CE80C069AF819342963460E
+		;3247643743985856DC037B948FA9BB193F987646275D6BC7247C3B9E572D27B7
+		;48F9917CAC1923AC94DB8671BD0285608B5D95D50A1B33BA21AEB34CA8405515
+		;}
 	]
 	--test-- "Init RSA keys"
 		--assert handle? key-pub:  rsa-init ko/n ko/e ;<-- this key has only public properties
-		--assert handle? key-pri:  rsa-init/private ko/n ko/e ko/d ko/p ko/q ko/dp ko/dq ko/qi
+		--assert handle? key-pri:  rsa-init/private ko/n ko/e ko/d ko/p ko/q ;ko/dp ko/dq ko/qp
 		--assert "#[handle! rsa]" = mold key-pub
 		--assert "#[handle! rsa]" = mold key-pri
 		;@@ https://github.com/Oldes/Rebol-issues/issues/906
@@ -126,9 +127,12 @@ Rebol [
 ===end-group===
 
 ===start-group=== "RSA initialization from file"
-	--test-- "RSA private key from OpenSSL format"
+	--test-- "RSA private key from OpenSSL format (RSA PRIVATE KEY)"
 	--assert handle? try [private-key: load %units/files/rebol-private-no-pass.key]
-	; cleanup:
+	rsa private-key none
+	--test-- "RSA private key from OpenSSL x509 format (PRIVATE KEY)"
+	; openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out MyCertificate.crt -keyout MyKey.key
+	--assert handle? try [private-key: load %units/files/MyKey.key]
 	rsa private-key none
 ===end-group===
 
