diff options
Diffstat (limited to 'lib/public_key/test/public_key_SUITE.erl')
| -rw-r--r-- | lib/public_key/test/public_key_SUITE.erl | 281 |
1 files changed, 251 insertions, 30 deletions
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl index 80c76827c6..1a779e03bd 100644 --- a/lib/public_key/test/public_key_SUITE.erl +++ b/lib/public_key/test/public_key_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2022. All Rights Reserved. +%% Copyright Ericsson AB 2008-2023. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. @@ -59,6 +59,7 @@ eddsa_priv_pkcs8/1, eddsa_priv_rfc5958/0, eddsa_priv_rfc5958/1, + eddsa_sign_verify_24_compat/1, init_ec_pem_encode_generated/1, ec_pem_encode_generated/0, ec_pem_encode_generated/1, @@ -88,6 +89,8 @@ pkix_countryname/1, pkix_emailaddress/0, pkix_emailaddress/1, + pkix_decode_cert/0, + pkix_decode_cert/1, pkix_path_validation/0, pkix_path_validation/1, pkix_path_validation_root_expired/0, @@ -96,6 +99,8 @@ pkix_verify_hostname_subjAltName/1, pkix_verify_hostname_options/1, pkix_verify_hostname_subjAltName_IP/1, + pkix_dist_point_uri/0, + pkix_dist_point_uri/1, pkix_iso_rsa_oid/0, pkix_iso_rsa_oid/1, pkix_iso_dsa_oid/0, @@ -119,9 +124,13 @@ gen_ec_param_prime_field/0, gen_ec_param_prime_field/1, gen_ec_param_char_2_field/0, - gen_ec_param_char_2_field/1 + gen_ec_param_char_2_field/1, + cacerts_load/0, cacerts_load/1 ]). +-export([list_cacerts/0]). % debug exports + + -define(TIMEOUT, 120000). % 2 min -define(PASSWORD1, "1234abcd"). -define(PASSWORD2, "4567efgh"). @@ -142,6 +151,7 @@ all() -> pkix, pkix_countryname, pkix_emailaddress, + pkix_decode_cert, pkix_path_validation, pkix_path_validation_root_expired, pkix_iso_rsa_oid, @@ -154,10 +164,12 @@ all() -> pkix_verify_hostname_subjAltName, pkix_verify_hostname_subjAltName_IP, pkix_verify_hostname_options, + pkix_dist_point_uri, pkix_test_data_all_default, pkix_test_data, short_cert_issuer_hash, - short_crl_issuer_hash + short_crl_issuer_hash, + cacerts_load ]. groups() -> @@ -168,7 +180,8 @@ groups() -> eddsa_priv_pkcs8, eddsa_priv_rfc5958, ec_pem_encode_generated, gen_ec_param_prime_field, gen_ec_param_char_2_field]}, - {sign_verify, [], [rsa_sign_verify, rsa_pss_sign_verify, dsa_sign_verify]} + {sign_verify, [], [rsa_sign_verify, rsa_pss_sign_verify, dsa_sign_verify, + eddsa_sign_verify_24_compat]} ]. %%------------------------------------------------------------------- init_per_suite(Config) -> @@ -219,6 +232,15 @@ init_per_testcase(rsa_pss_sign_verify, Config) -> false -> {skip, not_supported_by_crypto} end; + +init_per_testcase(eddsa_sign_verify_24_compat, Config) -> + case lists:member(eddsa, crypto:supports(public_keys)) of + true -> + Config; + false -> + {skip, eddsa_not_supported_by_crypto} + end; + init_per_testcase(TestCase, Config) -> case TestCase of ec_pem_encode_generated -> @@ -435,6 +457,61 @@ eddsa_priv_rfc5958(Config) when is_list(Config) -> ECPemNoEndNewLines = strip_superfluous_newlines(ECPrivPem), ECPemNoEndNewLines = strip_superfluous_newlines(public_key:pem_encode([PrivEntry0])). +eddsa_sign_verify_24_compat(_Config) -> + Key = + {'ECPrivateKey',1, + <<15,192,10,239,169,93,9,105,143,13,221,71,191,255,201, + 60,8,80,43,234,82,68,151,219,233,144,174,41,227,241, + 229,232>>, + {namedCurve,{1,3,101,112}}, + <<209,208,142,135,125,251,57,203,2,49,232,74,238,214,170, + 181,23,107,221,39,187,225,106,19,34,133,117,198,138, + 180,16,70>>, + asn1_NOVALUE}, + Body = + <<83,83,72,83,73,71,0,0,0,4,116,101,120,116,0,0,0,0,0,0,0,6,115,104,97, + 53,49,50,0,0,0,64,119,199,206,154,93,134,187,56,109,68,59,185,99,144, + 250,161,32,99,49,88,105,156,136,68,195,11,19,171,11,249,39,96,183,228, + 65,106,234,57,125,185,27,74,192,229,221,86,184,239,126,75,6,97,98,171, + 31,220,8,131,25,206,109,239,200,118>>, + ExpectedSignature = + <<203,148,171,54,165,4,216,251,189,124,35,227,88,183,187,225,142,10,132,163,98, + 48,167,195,67,12,49,148,85,146,41,14,58,0,198,68,103,114,90,61,31,38,200,198, + 64,179,135,138,31,172,236,105,0,71,50,195,168,247,216,110,210,61,159,5>>, + lists:foreach( + fun(Sha) -> + ct:log("Try Sha = ~p", [Sha]), + try + case public_key:sign(Body, Sha, Key) of + ExpectedSignature -> + ct:log("sign Sha ~p ok", [Sha]), + ExpectedSignature; + Others -> + ct:log("Sha: ~p~nGot: ~p~nExpect: ~p", [Sha,Others,ExpectedSignature]), + ct:fail("Bad sign result") + end + of + Sig -> + try + case public_key:verify(Body, Sha, Sig, Key) of + true -> + ct:log("verify Sha ~p ok", [Sha]); + false -> + ct:fail("Bad verify result for ~p",[Sha]) + end + catch + C:E -> + ct:log("Verify: ~p:~p Sha = ~p", [C,E,Sha]), + ct:fail("Bad verify",[]) + end + catch + C:E -> + ct:log("Sign: ~p:~p Sha = ~p", [C,E,Sha]), + ct:fail("Bad sign",[]) + end + end, [undefined, none | crypto:supports(hashs)]). + + init_ec_pem_encode_generated(Config) -> case catch true = lists:member('secp384r1', crypto:ec_curves()) of {'EXIT', _} -> {skip, {'secp384r1', not_supported}}; @@ -466,32 +543,46 @@ encrypted_pem_pwdfun(Config) when is_list(Config) -> encrypted_pem(Config, Password1, Password2) -> Datadir = proplists:get_value(data_dir, Config), - [{'RSAPrivateKey', DerRSAKey, not_encrypted}] = erl_make_certs:pem_to_der(filename:join(Datadir, "client_key.pem")), - RSAKey = public_key:der_decode('RSAPrivateKey', DerRSAKey), - - Salt0 = crypto:strong_rand_bytes(8), - Entry0 = public_key:pem_entry_encode('RSAPrivateKey', RSAKey, - {{"DES-EDE3-CBC", Salt0}, ?PASSWORD1}), - RSAKey = public_key:pem_entry_decode(Entry0, Password1), + SupportedCiphers = crypto:supports(ciphers), + SupportedECB = lists:member(des_ecb, SupportedCiphers), + SupportedDES = lists:member(des_cbc, SupportedCiphers), + case SupportedECB of + true -> + encrypted_pem_des_ede(Datadir, RSAKey, Password1); + false -> + ct:comment("DES-EDE3-CBC not supported") + end, + case SupportedDES of + true -> + encrypted_pem_des_cbc(Datadir, RSAKey, Password2); + false -> + ct:comment("DES-CBC not supported") + end. +encrypted_pem_des_ede(Datadir, RSAKey, Password) -> + Salt = crypto:strong_rand_bytes(8), + Entry = public_key:pem_entry_encode('RSAPrivateKey', RSAKey, + {{"DES-EDE3-CBC", Salt}, ?PASSWORD1}), + RSAKey = public_key:pem_entry_decode(Entry, Password), Des3KeyFile = filename:join(Datadir, "des3_client_key.pem"), - erl_make_certs:der_to_pem(Des3KeyFile, [Entry0]), - [{'RSAPrivateKey', _, {"DES-EDE3-CBC", Salt0}}] = - erl_make_certs:pem_to_der(Des3KeyFile), - - Salt1 = crypto:strong_rand_bytes(8), - Entry1 = public_key:pem_entry_encode('RSAPrivateKey', RSAKey, - {{"DES-CBC", Salt1}, ?PASSWORD2}), + erl_make_certs:der_to_pem(Des3KeyFile, [Entry]), + [{'RSAPrivateKey', _, {"DES-EDE3-CBC", Salt}}] = + erl_make_certs:pem_to_der(Des3KeyFile). + +encrypted_pem_des_cbc(Datadir, RSAKey, Password) -> + Salt = crypto:strong_rand_bytes(8), + Entry = public_key:pem_entry_encode('RSAPrivateKey', RSAKey, + {{"DES-CBC", Salt}, ?PASSWORD2}), DesKeyFile = filename:join(Datadir, "des_client_key.pem"), - erl_make_certs:der_to_pem(DesKeyFile, [Entry1]), - [{'RSAPrivateKey', _, {"DES-CBC", Salt1}} = Entry2] = + erl_make_certs:der_to_pem(DesKeyFile, [Entry]), + [{'RSAPrivateKey', _, {"DES-CBC", Salt}} = Entry] = erl_make_certs:pem_to_der(DesKeyFile), {ok, Pem} = file:read_file(DesKeyFile), check_encapsulated_header(Pem), - true = check_entry_type(public_key:pem_entry_decode(Entry2, Password2), - 'RSAPrivateKey'). + true = check_entry_type(public_key:pem_entry_decode(Entry, Password), + 'RSAPrivateKey'). %%-------------------------------------------------------------------- @@ -673,7 +764,7 @@ pkix(Config) when is_list(Config) -> true = lists:member(IssuerId, CaIds), - %% Should be normalized allready + %% Should be normalized already TestStr = {rdnSequence, [[{'AttributeTypeAndValue', {2,5,4,3},{printableString,"ERLANGCA"}}], [{'AttributeTypeAndValue', {2,5,4,3},{printableString," erlang ca "}}]]}, @@ -707,6 +798,17 @@ pkix_emailaddress(Config) when is_list(Config) -> check_emailaddress(Issuer), check_emailaddress(Subj). + +%%-------------------------------------------------------------------- +pkix_decode_cert() -> + [{doc, "Test that extension IssuerDistributionPoint is not decoded in 'otp' decoding mode. We want to leave it for later " + "to increase interopability for sites that does not use this extension and will not care if it is properly encoded"}]. +pkix_decode_cert(Config) when is_list(Config) -> + Der = base64:decode( + <<"MIICXDCCAgKgAwIBAgIBATAKBggqhkjOPQQDAjApMRkwFwYDVQQFExBjOTY4NDI4OTMyNzUwOGRiMQwwCgYDVQQMDANURUUwHhcNMjIxMDI5MTczMTA3WhcNMjkwNDE2MjAzNDUzWjAfMR0wGwYDVQQDExRBbmRyb2lkIEtleXN0b3JlIEtleTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFmIQDus/jIZ0cPnRCITCzUUuCjQBw8MetO6154mmTL8O/fFlGgYkZ6C8jSSntKC/lMwaZHxAgW1AGgoCrPuX5ejggEjMIIBHzALBgNVHQ8EBAMCB4AwCAYDVR0fBAEAMIIBBAYKKwYBBAHWeQIBEQSB9TCB8gIBAgoBAQIBAwoBAQQgyvsSa116xqleaXs6xA84wqpAPWFgaaTjCWBnZpHslmoEADBEv4VFQAQ+MDwxFjAUBAxjb20ud2hhdHNhcHACBA0+oAQxIgQgOYfQQ9EK769ahxCzZxQY/lfg4ZtlPJ34JVj+tf/OXUQweqEFMQMCAQKiAwIBA6MEAgIBAKUIMQYCAQYCAQSqAwIBAb+DdwIFAL+FPQgCBgGEJMweob+FPgMCAQC/hUAqMCgEIFNB5rJkaXmnDldlMAeh8xAWlCHsm92fGlZI91reAFrxAQH/CgEAv4VBBQIDAV+Qv4VCBQIDAxUYMAoGCCqGSM49BAMCA0gAMEUCIF0BwvRQipVoaz5SIhsYbIeK+FHbAjWPgOxWgQ6Juq64AiEA83ZLsK37DjZ/tZNRi271VHQqIU8mdqUIMboVUiy3DaM=">>), + + #'OTPCertificate'{} = public_key:pkix_decode_cert(Der, otp). + %%-------------------------------------------------------------------- pkix_path_validation() -> [{doc, "Test PKIX path validation"}]. @@ -887,19 +989,19 @@ pkix_verify_hostname_subjAltName(Config) -> true = public_key:pkix_verify_hostname(Cert, [{dns_id,"kb.example.org"}]), true = public_key:pkix_verify_hostname(Cert, [{dns_id,"KB.EXAMPLE.ORG"}]), - %% Check that a dns_id does not match a DNS subjAltName wiht wildcard + %% Check that a dns_id does not match a DNS subjAltName with wildcard false = public_key:pkix_verify_hostname(Cert, [{dns_id,"other.example.org"}]), - %% Check that a dns_id does match a DNS subjAltName wiht wildcard with matchfun + %% Check that a dns_id does match a DNS subjAltName with wildcard with matchfun MatchFun = {match_fun, public_key:pkix_verify_hostname_match_fun(https)}, true = public_key:pkix_verify_hostname(Cert, [{dns_id,"other.example.org"}], [MatchFun]), true = public_key:pkix_verify_hostname(Cert, [{dns_id,"OTHER.EXAMPLE.ORG"}], [MatchFun]), - %% Check that a uri_id does not match a DNS subjAltName wiht wildcard + %% Check that a uri_id does not match a DNS subjAltName with wildcard false = public_key:pkix_verify_hostname(Cert, [{uri_id,"https://other.example.org"}]), false = public_key:pkix_verify_hostname(Cert, [{uri_id,"https://OTHER.EXAMPLE.ORG"}]), - %% Check that a dns_id does match a DNS subjAltName wiht wildcard with matchfun + %% Check that a dns_id does match a DNS subjAltName with wildcard with matchfun true = public_key:pkix_verify_hostname(Cert, [{uri_id,"https://other.example.org"}], [MatchFun]), true = public_key:pkix_verify_hostname(Cert, [{uri_id,"https://OTHER.EXAMPLE.ORG"}], [MatchFun]), true = public_key:pkix_verify_hostname(Cert, [{uri_id,"https://OTHER.example.org"}], [MatchFun]), @@ -995,7 +1097,27 @@ pkix_verify_hostname_subjAltName_IP(Config) -> true = public_key:pkix_verify_hostname(Cert, [{ip, {10,67,16,75}}]), false = public_key:pkix_verify_hostname(Cert, [{ip, {1,2,3,4}}]), false = public_key:pkix_verify_hostname(Cert, [{ip, {10,11,12,13}}]). + + %%-------------------------------------------------------------------- + +pkix_dist_point_uri() -> + [{doc, "Disregard ldap URIs in code path handling HTTP URIs"}]. +pkix_dist_point_uri(Config) when is_list(Config) -> + Datadir = proplists:get_value(data_dir, Config), + {ok, PemCert} = file:read_file(filename:join(Datadir, "ldap_uri_cert.pem")), + [{_, Cert, _}] = public_key:pem_decode(PemCert), + #'OTPCertificate'{tbsCertificate = TBSCert} = public_key:pkix_decode_cert(Cert, otp), + + Extensions = pubkey_cert:extensions_list(TBSCert#'OTPTBSCertificate'.extensions), + DpExt = pubkey_cert:select_extension(?'id-ce-cRLDistributionPoints', Extensions), + #'Extension'{extnValue = DPs} = DpExt, + [#'DistributionPoint'{distributionPoint = {fullName, DPNames}}|_] = DPs, + ct:pal("~p", [DPNames]), + true = pubkey_crl:match_one(DPNames, [{uniformResourceIdentifier, "http://ca.eait.uq.edu.au/crl/labs-LILY-CA"}]). + +%%-------------------------------------------------------------------- + pkix_iso_rsa_oid() -> [{doc, "Test workaround for supporting certs that use ISO oids" " 1.3.14.3.2.29 instead of PKIX/PKCS oid"}]. @@ -1217,6 +1339,105 @@ gen_ec_param_char_2_field(Config) when is_list(Config) -> do_gen_ec_param(filename:join(Datadir, "ec_key_param1.pem")). %%-------------------------------------------------------------------- +cacerts_load() -> + [{doc, "Basic tests of cacerts functionality"}]. +cacerts_load(Config) -> + Datadir = proplists:get_value(data_dir, Config), + {error, enoent} = public_key:cacerts_load("/dummy.file"), + %% Load default OS certs + %% there is no default installed OS certs on netbsd + %% can be installed with 'pkgin install mozilla-rootcerts' + IsNetBsd = element(2, os:type()) =:= netbsd, + OsCerts = try + Certs = public_key:cacerts_get(), + true = public_key:cacerts_clear(), + Certs + catch _:{badmatch, {error, enoent}} when IsNetBsd -> netbsd + end, + + false = public_key:cacerts_clear(), + + %% Reload from file + ok = public_key:cacerts_load(filename:join(Datadir, "cacerts.pem")), + [_TestCert1, _TestCert2] = public_key:cacerts_get(), + + %% Re-Load default OS certs + try + process_flag(trap_exit, true), + flush(), + ok = public_key:cacerts_load(), + [] = flush(), + ct:log("~p: ~p~n", [os:type(), length(OsCerts)]), + OsCerts = public_key:cacerts_get(), + Ids = cert_info(OsCerts), + Check = fun(ShouldBeThere) -> + lists:any(fun(#{id:=Id}) -> lists:prefix(ShouldBeThere, Id) end, Ids) + end, + case lists:partition(Check, ["digicert", "globalsign"]) of + {_, []} -> ok; + {_, Fail} -> + cert_info(OsCerts), + [] = Fail + end, + ok + catch _:{badmatch, {error, enoent}} when IsNetBsd -> + ok + end. + +flush() -> + receive Msg -> [Msg|flush()] + after 500 -> [] + end. + +cert_info([#cert{der=Der, otp=#'OTPCertificate'{tbsCertificate = C0}=Cert}|Rest]) when is_binary(Der) -> + #'OTPTBSCertificate'{subject = Subject, serialNumber = _Nr, issuer = Issuer0} = C0, + C = case public_key:pkix_is_self_signed(Cert) of + true -> #{id => subject(Subject), ss => true}; + false -> + case public_key:pkix_issuer_id(Cert, other) of + {ok, {_IsNr, Issuer}} -> + #{id => subject(Subject), ss => false, issuer => subject(Issuer)}; + {error, _} -> + #{id => subject(Subject), ss => false, issuer => subject(Issuer0)} + end + end, + [C|cert_info(Rest)]; +cert_info([]) -> + []. + + +subject(S) -> + string:lowercase(subject(public_key:pkix_normalize_name(S), "unknown")). + +subject({rdnSequence, Seq}, Def) -> + subject(Seq, Def); +subject([[{'AttributeTypeAndValue', ?'id-at-commonName', Name0}]|_], _Def) -> + case Name0 of + {printableString, Name} -> Name; + {utf8String, Name} -> unicode:characters_to_list(Name); + Name -> Name + end; +subject([[{'AttributeTypeAndValue', ?'id-at-organizationName', Name0}]|Rest], _Def) -> + Name = case Name0 of + {printableString, Name1} -> Name1; + {utf8String, Name1} -> unicode:characters_to_list(Name1); + Name1 -> Name1 + end, + subject(Rest, Name); +subject([_|R], Def) -> + subject(R, Def); +subject([], Def) -> + Def. + +list_cacerts() -> + Certs = public_key:cacerts_get(), + %% io:format("~P~n",[Certs, 20]), + IO = fun(C, N) -> io:format("~.3w:~0p~n", [N,C]), N+1 end, + lists:foldl(IO, 0, lists:sort(cert_info(Certs))), + ok. + + +%%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- asn1_encode_decode({Asn1Type, Der, not_encrypted} = Entry) -> @@ -1323,7 +1544,8 @@ crypto_supported_curve(Curve, _Curves) -> catch _:_-> false end. - + + incorrect_countryname_pkix_cert() -> <<48,130,5,186,48,130,4,162,160,3,2,1,2,2,7,7,250,61,63,6,140,137,48,13,6,9,42, 134,72,134,247,13,1,1,5,5,0,48,129,220,49,11,48,9,6,3,85,4,6,19,2,85,83,49, 16,48,14,6,3,85,4,8,19,7,65,114,105,122,111,110,97,49,19,48,17,6,3,85,4,7,19, 10,83,99,111,116,116,115,100,97,108,101,49,37,48,35,6,3,85,4,10,19,28,83,116, 97,114,102,105,101,108,100,32,84,101,99,104,110,111,108,111,103,105,101,115, 44,32,73,110,99,46,49,57,48,55,6,3,85,4,11,19,48,104,116,116,112,58,47,47,99, 101,114,116,105,102,105,99,97,116,101,115,46,115,116,97,114,102,105,101,108, 100,116,101,99,104,46,99,111,109,47,114,101,112,111,115,105,116,111,114,121, 49,49,48,47,6,3,85,4,3,19,40,83,116,97,114,102,105,101,108,100,32,83,101,99, 117,114,101,32,67,101,114,116,105,102,105,99,97,116,105,111,110,32,65,117, 116,104,111,114,105,116,121,49,17,48,15,6,3,85,4,5,19,8,49,48,54,56,56,52,51, 53,48,30,23,13,49,48,49,48,50,51,48,49,51,50,48,53,90,23,13,49,50,49,48,50, 51,48,49,51,50,48,53,90,48,122,49,11,48,9,6,3,85,4,6,12,2,85,83,49,11,48,9,6, 3,85,4,8,12,2,65,90,49,19,48,17,6,3,85,4,7,12,10,83,99,111,116,116,115,100, 97,108,101,49,38,48,36,6,3,85,4,10,12,29,83,112,101,99,105,97,108,32,68,111, 109,97,105,110,32,83,101,114,118,105,99,101,115,44,32,73,110,99,46,49,33,48, 31,6,3,85,4,3,12,24,42,46,108,111,103,105,110,46,115,101,99,117,114,101,115, 101,114,118,101,114,46,110,101,116,48,130,1,34,48,13,6,9,42,134,72,134,247, 13,1,1,1,5,0,3,130,1,15,0,48,130,1,10,2,130,1,1,0,185,136,240,80,141,36,124, 245,182,130,73,19,188,74,166,117,72,228,185,209,43,129,244,40,44,193,231,11, 209,12,234,88,43,142,1,162,48,122,17,95,230,105,171,131,12,147,46,204,36,80, 250,171,33,253,35,62,83,22,71,212,186,141,14,198,89,89,121,204,224,122,246, 127,110,188,229,162,67,95,6,74,231,127,99,131,7,240,85,102,203,251,50,58,58, 104,245,103,181,183,134,32,203,121,232,54,32,188,139,136,112,166,126,14,91, 223,153,172,164,14,61,38,163,208,215,186,210,136,213,143,70,147,173,109,217, 250,169,108,31,211,104,238,103,93,182,59,165,43,196,189,218,241,30,148,240, 109,90,69,176,194,52,116,173,151,135,239,10,209,179,129,192,102,75,11,25,168, 223,32,174,84,223,134,70,167,55,172,143,27,130,123,226,226,7,34,142,166,39, 48,246,96,231,150,84,220,106,133,193,55,95,159,227,24,249,64,36,1,142,171,16, 202,55,126,7,156,15,194,22,116,53,113,174,104,239,203,120,45,131,57,87,84, 163,184,27,83,57,199,91,200,34,43,98,61,180,144,76,65,170,177,2,3,1,0,1,163, 130,1,224,48,130,1,220,48,15,6,3,85,29,19,1,1,255,4,5,48,3,1,1,0,48,29,6,3, 85,29,37,4,22,48,20,6,8,43,6,1,5,5,7,3,1,6,8,43,6,1,5,5,7,3,2,48,14,6,3,85, 29,15,1,1,255,4,4,3,2,5,160,48,56,6,3,85,29,31,4,49,48,47,48,45,160,43,160, 41,134,39,104,116,116,112,58,47,47,99,114,108,46,115,116,97,114,102,105,101, 108,100,116,101,99,104,46,99,111,109,47,115,102,115,50,45,48,46,99,114,108, 48,83,6,3,85,29,32,4,76,48,74,48,72,6,11,96,134,72,1,134,253,110,1,7,23,2,48, 57,48,55,6,8,43,6,1,5,5,7,2,1,22,43,104,116,116,112,115,58,47,47,99,101,114, 116,115,46,115,116,97,114,102,105,101,108,100,116,101,99,104,46,99,111,109, 47,114,101,112,111,115,105,116,111,114,121,47,48,129,141,6,8,43,6,1,5,5,7,1, 1,4,129,128,48,126,48,42,6,8,43,6,1,5,5,7,48,1,134,30,104,116,116,112,58,47, 47,111,99,115,112,46,115,116,97,114,102,105,101,108,100,116,101,99,104,46,99, 111,109,47,48,80,6,8,43,6,1,5,5,7,48,2,134,68,104,116,116,112,58,47,47,99, 101,114,116,105,102,105,99,97,116,101,115,46,115,116,97,114,102,105,101,108, 100,116,101,99,104,46,99,111,109,47,114,101,112,111,115,105,116,111,114,121, 47,115,102,95,105,110,116,101,114,109,101,100,105,97,116,101,46,99,114,116, 48,31,6,3,85,29,35,4,24,48,22,128,20,73,75,82,39,209,27,188,242,161,33,106, 98,123,81,66,122,138,215,213,86,48,59,6,3,85,29,17,4,52,48,50,130,24,42,46, 108,111,103,105,110,46,115,101,99,117,114,101,115,101,114,118,101,114,46,110, 101,116,130,22,108,111,103,105,110,46,115,101,99,117,114,101,115,101,114,118, 101,114,46,110,101,116,48,29,6,3,85,29,14,4,22,4,20,138,233,191,208,157,203, 249,85,242,239,20,195,48,10,148,49,144,101,255,116,48,13,6,9,42,134,72,134, 247,13,1,1,5,5,0,3,130,1,1,0,82,31,121,162,49,50,143,26,167,202,143,61,71, 189,201,199,57,81,122,116,90,192,88,24,102,194,174,48,157,74,27,87,210,223, 253,93,3,91,150,109,120,1,110,27,11,200,198,141,222,246,14,200,71,105,41,138, 13,114,122,106,63,17,197,181,234,121,61,89,74,65,41,231,248,219,129,83,176, 219,55,107,55,211,112,98,38,49,69,77,96,221,108,123,152,12,210,159,157,141, 43,226,55,187,129,3,82,49,136,66,81,196,91,234,196,10,82,48,6,80,163,83,71, 127,102,177,93,209,129,26,104,2,84,24,255,248,161,3,244,169,234,92,122,110, 43,4,17,113,185,235,108,219,210,236,132,216,177,227,17,169,58,162,159,182, 162,93,160,229,200,9,163,229,110,121,240,168,232,14,91,214,188,196,109,210, 164,222,0,109,139,132,113,91,16,118,173,178,176,80,132,34,41,199,51,206,250, 224,132,60,115,192,94,107,163,219,212,226,225,65,169,148,108,213,46,174,173, 103,110,189,229,166,149,254,31,51,44,144,108,187,182,11,251,201,206,86,138, 208,59,51,86,132,235,81,225,88,34,190,8,184>>. @@ -1367,7 +1589,7 @@ hardcode_rsa_key(3) -> exponent2 = 137572620950115585809189662580789132500998007785886619351549079675566218169991569609420548245479957900898715184664311515467504676010484619686391036071176762179044243478326713135456833024206699951987873470661533079532774988581535389682358631768109586527575902839864474036157372334443583670210960715165278974609, coefficient = 15068630434698373319269196003209754243798959461311186548759287649485250508074064775263867418602372588394608558985183294561315208336731894947137343239541687540387209051236354318837334154993136528453613256169847839789803932725339395739618592522865156272771578671216082079933457043120923342632744996962853951612, otherPrimeInfos = asn1_NOVALUE}; -hardcode_rsa_key(4) -> +hardcode_rsa_key(4) -> #'RSAPrivateKey'{ version ='two-prime', modulus = 28617237755030755643854803617273584643843067580642149032833640135949799721163782522787597288521902619948688786051081993247908700824196122780349730169173433743054172191054872553484065655968335396052034378669869864779940355219732200954630251223541048434478476115391643898092650304645086338265930608997389611376417609043761464100338332976874588396803891301015812818307951159858145399281035705713082131199940309445719678087542976246147777388465712394062188801177717719764254900022006288880246925156931391594131839991579403409541227225173269459173129377291869028712271737734702830877034334838181789916127814298794576266389, @@ -1388,4 +1610,3 @@ pss_params(sha256) -> }, saltLength = 32, trailerField = 1}. - |