diff --git a/Makefile.am b/Makefile.am index 762e229b86..ac42554db7 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1634,6 +1634,8 @@ EXTRA_DIST += \ src/libnm-core-impl/tests/certs/test2_key_and_cert.pem \ src/libnm-core-impl/tests/certs/test-aes-128-key.pem \ src/libnm-core-impl/tests/certs/test-aes-256-key.pem \ + src/libnm-core-impl/tests/certs/test-aes-128-ec-key.pem \ + src/libnm-core-impl/tests/certs/test-aes-256-ec-key.pem \ src/libnm-core-impl/tests/certs/test_ca_cert.der \ src/libnm-core-impl/tests/certs/test_ca_cert.pem \ src/libnm-core-impl/tests/certs/test-ca-cert.pem \ @@ -1642,6 +1644,8 @@ EXTRA_DIST += \ src/libnm-core-impl/tests/certs/test-key-and-cert.pem \ src/libnm-core-impl/tests/certs/test-key-only-decrypted.der \ src/libnm-core-impl/tests/certs/test-key-only-decrypted.pem \ + src/libnm-core-impl/tests/certs/test-ec-key-only-decrypted.der \ + src/libnm-core-impl/tests/certs/test-ec-key-only-decrypted.pem \ src/libnm-core-impl/tests/certs/test-key-only.pem \ src/libnm-core-impl/tests/certs/test-tpm2wrapped-key.pem \ src/libnm-core-impl/tests/nm-core-tests-enum-types.c.template \ diff --git a/src/libnm-core-impl/tests/certs/test-aes-128-ec-key.pem b/src/libnm-core-impl/tests/certs/test-aes-128-ec-key.pem new file mode 100644 index 0000000000..8698964268 --- /dev/null +++ b/src/libnm-core-impl/tests/certs/test-aes-128-ec-key.pem @@ -0,0 +1,8 @@ +-----BEGIN EC PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,D6E024FACA9CFFE6B0296EBC848BC80C + +vOzvGfSmNKRGMxIlB474A3ZHYqNj0NEuJQxEYV2roY+kAWN4+zdk7I+dbGRbjlgz +lS0NBIrTEmyPugYEWnaccxKfTTJz5U1OxT/AZVVmJuD/5lh2H2qZUkFs6d10X5zd +0gsn6OwV+2j9rrWyEcgH8WOwqgiN+LaWihLhGMKaWI0= +-----END EC PRIVATE KEY----- diff --git a/src/libnm-core-impl/tests/certs/test-aes-256-ec-key.pem b/src/libnm-core-impl/tests/certs/test-aes-256-ec-key.pem new file mode 100644 index 0000000000..1baf51d32b --- /dev/null +++ b/src/libnm-core-impl/tests/certs/test-aes-256-ec-key.pem 
@@ -0,0 +1,8 @@ +-----BEGIN EC PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,8337BC213C3280DC1884C61562719552 + +Kcdf9l8gAMkN1fb0PGpFRD1VQIGQbB55yCBLMwRBbG1XQ9rVjnP+Zl0CdDzncKXt +yLFpAAgNUahsaVJyc8/suKl8pj2VfJK8m0NUIrWWQu/KyaFTS6I30hwLJ0WATBMm +GMb2CiAqlk6U+EqtZxNmgf6SCEGUV/oTCF0AqNFKiXM= +-----END EC PRIVATE KEY----- diff --git a/src/libnm-core-impl/tests/certs/test-ec-key-only-decrypted.der b/src/libnm-core-impl/tests/certs/test-ec-key-only-decrypted.der new file mode 100644 index 0000000000..e8d0765a5b Binary files /dev/null and b/src/libnm-core-impl/tests/certs/test-ec-key-only-decrypted.der differ diff --git a/src/libnm-core-impl/tests/certs/test-ec-key-only-decrypted.pem b/src/libnm-core-impl/tests/certs/test-ec-key-only-decrypted.pem new file mode 100644 index 0000000000..c40e293b32 --- /dev/null +++ b/src/libnm-core-impl/tests/certs/test-ec-key-only-decrypted.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIPw/e9RgNcs2cMrKn+KnxNCGC1UrcOH9S0xm5e1GxJqRoAoGCCqGSM49 +AwEHoUQDQgAEbA5LlfyjMwuyuIcBr+fk1l71EKC6NttJCGjXGexUOTGsjhVgXHjT +cc2EohzF94Zs4EjYce3aQe4YsA11YMuRaQ== +-----END EC PRIVATE KEY----- diff --git a/src/libnm-core-impl/tests/test-crypto.c b/src/libnm-core-impl/tests/test-crypto.c index 896c3c2e69..fb4c213f53 100644 --- a/src/libnm-core-impl/tests/test-crypto.c +++ b/src/libnm-core-impl/tests/test-crypto.c @@ -111,7 +111,7 @@ test_load_private_key(const char *path, array = nmtst_crypto_decrypt_openssl_private_key(path, password, &key_type, &error); /* Even if the password is wrong, we should determine the key type */ - g_assert_cmpint(key_type, ==, NM_CRYPTO_KEY_TYPE_RSA); + g_assert_cmpint(key_type, !=, NM_CRYPTO_KEY_TYPE_UNKNOWN); if (expected_error != -1) { g_assert(array == NULL); 
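Review bot: Relaxing the check in test_load_private_key to `!= NM_CRYPTO_KEY_TYPE_UNKNOWN` means the test no longer verifies that the parser reports the correct type for each fixture. An EC key reported as RSA, or an RSA key reported as EC, would still pass. The same relaxation is made twice in test_encrypt_private_key (the hunks at -226 and -244). I would keep an exact comparison and pass the expected type in from the test data, e.g. `g_assert_cmpint(key_type, ==, expected_key_type);`, which still covers the wrong-password case described in the comment above the assertion. test_load_private_key starts and ends outside this hunk, so the extra parameter would have to be threaded through its callers.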
@@ -226,7 +226,7 @@ test_encrypt_private_key(const char *path, const char *password) array = nmtst_crypto_decrypt_openssl_private_key(path, password, &key_type, &error); nmtst_assert_success(array, error); - g_assert_cmpint(key_type, ==, NM_CRYPTO_KEY_TYPE_RSA); + g_assert_cmpint(key_type, !=, NM_CRYPTO_KEY_TYPE_UNKNOWN); /* Now re-encrypt the private key */ encrypted = nmtst_crypto_rsa_key_encrypt(g_bytes_get_data(array, NULL), @@ -244,7 +244,7 @@ test_encrypt_private_key(const char *path, const char *password) &key_type, &error); nmtst_assert_success(re_decrypted, error); - g_assert_cmpint(key_type, ==, NM_CRYPTO_KEY_TYPE_RSA); + g_assert_cmpint(key_type, !=, NM_CRYPTO_KEY_TYPE_UNKNOWN); /* Compare the original decrypted key with the re-decrypted key */ g_assert(g_bytes_equal(array, re_decrypted)); @@ -452,12 +452,21 @@ main(int argc, char **argv) g_test_add_data_func("/libnm/crypto/key/aes-128", "test-aes-128-key.pem, test-aes-password", test_key); + g_test_add_data_func("/libnm/crypto/key/aes-128-ec", + "test-aes-128-ec-key.pem, test-aes-password", + test_key); g_test_add_data_func("/libnm/crypto/key/aes-256", "test-aes-256-key.pem, test-aes-password", test_key); + g_test_add_data_func("/libnm/crypto/key/aes-256-ec", + "test-aes-256-ec-key.pem, test-aes-password", + test_key); g_test_add_data_func("/libnm/crypto/key/decrypted", "test-key-only-decrypted.pem", test_key_decrypted); + g_test_add_data_func("/libnm/crypto/key/decrypted-ec", + "test-ec-key-only-decrypted.pem", + test_key_decrypted); g_test_add_data_func("/libnm/crypto/PKCS#12/1", "test-cert.p12, test", test_pkcs12); g_test_add_data_func("/libnm/crypto/PKCS#12/2", "test2-cert.p12, 12345testing", test_pkcs12); diff --git a/src/libnm-crypto/nm-crypto.c b/src/libnm-crypto/nm-crypto.c index 69d2b53f9e..8cf6633632 100644 --- a/src/libnm-crypto/nm-crypto.c +++ b/src/libnm-crypto/nm-crypto.c 
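Review bot: With the EC fixtures now registered against `test_key` in main(), the decrypted EC key presumably reaches the `nmtst_crypto_rsa_key_encrypt()` call in test_encrypt_private_key; test_key's body is not part of this diff, so that path is inferred. If the helper writes an RSA PEM label, the second decrypt would report RSA for what is really an EC key, and the loosened `!=` check at -244 would not notice. Saving the first result and asserting `g_assert_cmpint(key_type, ==, orig_key_type);` after the re-decrypt would pin the round trip. If the helper is meant to be label-agnostic, say so in a comment next to the call, e.g. `/* helper name is historical; the PEM label is not checked here */`.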
@@ -25,6 +25,9 @@ #define PEM_DSA_KEY_BEGIN "-----BEGIN DSA PRIVATE KEY-----" #define PEM_DSA_KEY_END "-----END DSA PRIVATE KEY-----" +#define PEM_EC_KEY_BEGIN "-----BEGIN EC PRIVATE KEY-----" +#define PEM_EC_KEY_END "-----END EC PRIVATE KEY-----" + #define PEM_CERT_BEGIN "-----BEGIN CERTIFICATE-----" #define PEM_CERT_END "-----END CERTIFICATE-----" @@ -201,6 +204,10 @@ parse_old_openssl_key_file(const guint8 *data, key_type = NM_CRYPTO_KEY_TYPE_DSA; start_tag = PEM_DSA_KEY_BEGIN; end_tag = PEM_DSA_KEY_END; + } else if (find_tag(PEM_EC_KEY_BEGIN, data, data_len, 0, &start)) { + key_type = NM_CRYPTO_KEY_TYPE_EC; + start_tag = PEM_EC_KEY_BEGIN; + end_tag = PEM_EC_KEY_END; } else { g_set_error(error, _NM_CRYPTO_ERROR, diff --git a/src/libnm-crypto/nm-crypto.h b/src/libnm-crypto/nm-crypto.h index 48c7c6b7ab..289549c6fc 100644 --- a/src/libnm-crypto/nm-crypto.h +++ b/src/libnm-crypto/nm-crypto.h @@ -29,7 +29,8 @@ const NMCryptoCipherInfo *nm_crypto_cipher_get_info_by_name(const char *cipher_n typedef enum { NM_CRYPTO_KEY_TYPE_UNKNOWN = 0, NM_CRYPTO_KEY_TYPE_RSA, - NM_CRYPTO_KEY_TYPE_DSA + NM_CRYPTO_KEY_TYPE_DSA, + NM_CRYPTO_KEY_TYPE_EC, } NMCryptoKeyType; typedef enum {
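Review bot: The new branch in parse_old_openssl_key_file classifies a file as EC from the PEM label alone, and nothing in this diff shows the consumers of `key_type` being updated for `NM_CRYPTO_KEY_TYPE_EC`. Code outside these hunks that switches on NMCryptoKeyType, or that treats "not RSA" as DSA, should be checked, because the value could not occur before this change. A short comment above the new defines would also help the next reader, e.g. `/* Traditional (SEC1) EC key armor; may carry Proc-Type/DEK-Info encryption headers like the RSA/DSA legacy format */`. The function body continues outside the hunk, so the handling after the tag match is not visible here.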