From bab4b7c4ef3e6abbfca09a8a601f68bb3b93a9fe Mon Sep 17 00:00:00 2001 From: Paragon Initiative Enterprises Date: Fri, 3 Jun 2022 03:57:25 -0400 Subject: [PATCH 1/7] Update minimum versions --- composer.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/composer.json b/composer.json index 2276efc..4bf05d0 100644 --- a/composer.json +++ b/composer.json @@ -20,16 +20,16 @@ } }, "require": { - "php": "^7.1|^8", + "php": "^8.1", "ext-gmp": "*", "ext-json": "*", "ext-openssl": "*", "paragonie/easy-ecc": "^1", "paragonie/hidden-string": "^1|^2", - "paragonie/paseto": ">=2.2" + "paragonie/paseto": "^3" }, "require-dev": { - "phpunit/phpunit": "^7|^8|^9", + "phpunit/phpunit": "^9", "vimeo/psalm": "^4" }, "scripts": { From 7e5eb0bc215a629f2d66e02e01e7e049824eaf2a Mon Sep 17 00:00:00 2001 From: Paragon Initiative Enterprises Date: Fri, 3 Jun 2022 04:22:44 -0400 Subject: [PATCH 2/7] Remove support for PASETO Version1 and Version2 --- docs/Types/Pid.md | 16 +- docs/Types/Sid.md | 14 +- src/IdCommonTrait.php | 6 +- src/Operations/Key/SealingPublicKey.php | 8 +- src/Operations/Key/SealingSecretKey.php | 28 +-- src/Operations/PBKW.php | 8 +- src/Operations/PBKW/PBKWv1.php | 215 ------------------ src/Operations/PBKW/PBKWv2.php | 216 ------------------ src/Operations/PBKW/PBKWv3.php | 180 ++++++++++++++- src/Operations/PBKW/PBKWv4.php | 180 ++++++++++++++- src/Operations/PKE.php | 25 +-- src/Operations/PKE/PKEv1.php | 244 --------------------- src/Operations/PKE/PKEv2.php | 184 ---------------- src/Operations/PKE/PKEv4.php | 162 +++++++++++++- src/Operations/Wrap.php | 2 +- src/Operations/Wrap/Pie.php | 44 ++-- src/Types/PublicType.php | 86 ++------ src/Types/SecretType.php | 69 +----- src/Util.php | 25 +-- tests/KAT/LidTest.php | 12 - tests/KAT/LocalPWTest.php | 11 - tests/KAT/LocalTest.php | 12 - tests/KAT/LocalWrapPieTest.php | 15 +- tests/KAT/PidTest.php | 16 -- tests/KAT/PublicTest.php | 15 -- tests/KAT/SealTest.php | 14 +- tests/KAT/SecretPWTest.php | 12 - tests/KAT/SecretTest.php | 30 +-- tests/KAT/SecretWrapPieTest.php | 30 +-- tests/KAT/SidTest.php | 15 -- tests/KnownAnswers.php | 28 +-- tests/Operations/PBKWTest.php | 4 - tests/Operations/PKE/PKEv1Test.php | 44 ---- tests/Operations/PKETest.php | 4 - tests/Operations/Wrap/PieTest.php | 14 +- tests/Operations/WrapTest.php | 15 +- tests/Types/LocalPWTest.php | 4 - tests/Types/LocalTest.php | 12 +- tests/Types/LocalWrapTest.php | 13 +- tests/Types/PublicTest.php | 72 +----- tests/Types/SealTest.php | 4 - tests/Types/SecretPWTest.php | 4 - tests/Types/SecretTest.php | 47 +--- tests/Types/SecretWrapTest.php | 28 +-- tests/UtilTest.php | 4 - tests/test-vectors/k1.lid.json | 30 --- tests/test-vectors/k1.local-pw.json | 48 ---- tests/test-vectors/k1.local-wrap.pie.json | 35 --- tests/test-vectors/k1.local.json | 37 ---- tests/test-vectors/k1.pid.json | 23 -- tests/test-vectors/k1.public.json | 25 --- tests/test-vectors/k1.seal.json | 48 ---- tests/test-vectors/k1.secret-pw.json | 48 ---- tests/test-vectors/k1.secret-wrap.pie.json | 35 --- tests/test-vectors/k1.secret.json | 28 --- tests/test-vectors/k1.sid.json | 24 -- tests/test-vectors/k2.lid.json | 30 --- tests/test-vectors/k2.local-pw.json | 48 ---- tests/test-vectors/k2.local-wrap.pie.json | 35 --- tests/test-vectors/k2.local.json | 37 ---- tests/test-vectors/k2.pid.json | 37 ---- tests/test-vectors/k2.public.json | 30 --- tests/test-vectors/k2.seal.json | 39 ---- tests/test-vectors/k2.secret-pw.json | 48 ---- tests/test-vectors/k2.secret-wrap.pie.json | 35 --- tests/test-vectors/k2.secret.json | 46 ---- tests/test-vectors/k2.sid.json | 33 --- 67 files changed, 655 insertions(+), 2335 deletions(-) delete mode 100644 src/Operations/PBKW/PBKWv1.php delete mode 100644 src/Operations/PBKW/PBKWv2.php delete mode 100644 src/Operations/PKE/PKEv1.php delete mode 100644 src/Operations/PKE/PKEv2.php delete mode 100644 tests/Operations/PKE/PKEv1Test.php delete mode 100644 tests/test-vectors/k1.lid.json delete mode 100644 tests/test-vectors/k1.local-pw.json delete mode 100644 tests/test-vectors/k1.local-wrap.pie.json delete mode 100644 tests/test-vectors/k1.local.json delete mode 100644 tests/test-vectors/k1.pid.json delete mode 100644 tests/test-vectors/k1.public.json delete mode 100644 tests/test-vectors/k1.seal.json delete mode 100644 tests/test-vectors/k1.secret-pw.json delete mode 100644 tests/test-vectors/k1.secret-wrap.pie.json delete mode 100644 tests/test-vectors/k1.secret.json delete mode 100644 tests/test-vectors/k1.sid.json delete mode 100644 tests/test-vectors/k2.lid.json delete mode 100644 tests/test-vectors/k2.local-pw.json delete mode 100644 tests/test-vectors/k2.local-wrap.pie.json delete mode 100644 tests/test-vectors/k2.local.json delete mode 100644 tests/test-vectors/k2.pid.json delete mode 100644 tests/test-vectors/k2.public.json delete mode 100644 tests/test-vectors/k2.seal.json delete mode 100644 tests/test-vectors/k2.secret-pw.json delete mode 100644 tests/test-vectors/k2.secret-wrap.pie.json delete mode 100644 tests/test-vectors/k2.secret.json delete mode 100644 tests/test-vectors/k2.sid.json diff --git a/docs/Types/Pid.md b/docs/Types/Pid.md index ec0b545..ac7e5fd 100644 --- a/docs/Types/Pid.md +++ b/docs/Types/Pid.md @@ -5,7 +5,7 @@ Example code: ```php getPublicKey(); $publicIdV4 = Pid::encodePublic($examplePublicKeyV4); var_dump($publicIdV4); -// Now let's change the version to v2 -$exampleSecretKeyV2 = new AsymmetricSecretKey($exampleSecretKeyV4->raw(), new Version2); -$examplePublicKeyV2 = $exampleSecretKeyV2->getPublicKey(); -$publicIdV2 = Pid::encodePublic($examplePublicKeyV2); -var_dump($publicIdV2); +// Now let's change the version to v3 +$exampleSecretKeyV3 = new AsymmetricSecretKey($exampleSecretKeyV4->raw(), new Version3); +$examplePublicKeyV3 = $exampleSecretKeyV2->getPublicKey(); +$publicIdV3 = Pid::encodePublic($examplePublicKeyV3); +var_dump($publicIdV3); // This will always be bool(false) -var_dump($publicIdV2 === $publicIdV4); +var_dump($publicIdV3 === $publicIdV4); ``` Example output: ``` string(51) "k4.pid.7YHEK_2Pbpe1pB3520MjzTe2sGcA0pV54SyIt2qMgAcq" -string(51) "k2.pid.Yh_AqamsJznJMNU6qZ2xZGSs9IyW3b12e7W-rR6wLYDw" +string(51) "k3.pid.Yh_AqamsJznJMNU6qZ2xZGSs9IyW3b12e7W-rR6wLYDw" bool(false) ``` diff --git a/docs/Types/Sid.md b/docs/Types/Sid.md index fefadf6..773c254 100644 --- a/docs/Types/Sid.md +++ b/docs/Types/Sid.md @@ -5,7 +5,7 @@ Example code: ```php raw(), new Version2); -$secretIdV2 = Sid::encodeSecret($exampleSecretKeyV2); -var_dump($secretIdV2); +// Now let's change the version to v3 +$exampleSecretKeyV3 = new AsymmetricSecretKey($exampleSecretKeyV4->raw(), new Version3); +$secretIdV3 = Sid::encodeSecret($exampleSecretKeyV3); +var_dump($secretIdV3); // This will always be bool(false) -var_dump($secretIdV2 === $secretIdV4); +var_dump($secretIdV3 === $secretIdV4); ``` Example output: ``` string(51) "k4.sid.Vt47YKER1_S7N2zj8CjpQMfoKdOu5l1vq_RctB9CYqhO" -string(51) "k2.sid.sESo8mlDN5bjjO-vnZ96QJ-jrgbg-YO35emyHC19V3bD" +string(51) "k3.sid.sESo8mlDN5bjjO-vnZ96QJ-jrgbg-YO35emyHC19V3bD" bool(false) ``` diff --git a/src/IdCommonTrait.php b/src/IdCommonTrait.php index 810dcd9..b506641 100644 --- a/src/IdCommonTrait.php +++ b/src/IdCommonTrait.php @@ -12,8 +12,6 @@ Sid }; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -56,13 +54,13 @@ final public static function decode(...$args): void public static function encode(ProtocolInterface $version, string $paserk): string { $header = Util::getPaserkHeader($version) . '.' . self::getTypeLabel() . '.'; - if ($version instanceof Version1 || $version instanceof Version3) { + if ($version instanceof Version3) { $hash = Binary::safeSubstr( hash('sha384', $header . $paserk, true), 0, 33 ); - } elseif ($version instanceof Version2 || $version instanceof Version4) { + } elseif ($version instanceof Version4) { $hash = sodium_crypto_generichash( $header . $paserk, '', diff --git a/src/Operations/Key/SealingPublicKey.php b/src/Operations/Key/SealingPublicKey.php index d8fa27f..19e02a8 100644 --- a/src/Operations/Key/SealingPublicKey.php +++ b/src/Operations/Key/SealingPublicKey.php @@ -4,7 +4,7 @@ use ParagonIE\Paserk\PaserkException; use ParagonIE\Paseto\Keys\AsymmetricPublicKey; -use ParagonIE\Paseto\Protocol\Version1; +use Exception; /** * Class SealingPublicKey @@ -14,14 +14,12 @@ class SealingPublicKey extends AsymmetricPublicKey { /** * @return AsymmetricPublicKey + * * @throws PaserkException + * @throws Exception */ public function toPasetoKey(): AsymmetricPublicKey { - if ($this->protocol instanceof Version1) { - throw new PaserkException("Version 1 keys cannot be converted!"); - } - return new AsymmetricPublicKey( $this->key, $this->protocol diff --git a/src/Operations/Key/SealingSecretKey.php b/src/Operations/Key/SealingSecretKey.php index a7f2855..05b513b 100644 --- a/src/Operations/Key/SealingSecretKey.php +++ b/src/Operations/Key/SealingSecretKey.php @@ -2,7 +2,6 @@ declare(strict_types=1); namespace ParagonIE\Paserk\Operations\Key; -use ParagonIE\Paserk\PaserkException; use ParagonIE\EasyECC\ECDSA\{ PublicKey, SecretKey @@ -13,9 +12,8 @@ AsymmetricSecretKey }; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, - Version3 + Version3, + Version4 }; use ParagonIE\Paseto\ProtocolInterface; use ParagonIE\Paseto\Util; @@ -46,14 +44,8 @@ class SealingSecretKey extends AsymmetricSecretKey */ public static function generate(ProtocolInterface $protocol = null): AsymmetricSecretKey { - $protocol = $protocol ?? new Version2; - - if (hash_equals($protocol::header(), Version1::HEADER)) { - $rsa = Version1::getRsa(); - /** @var array $keypair */ - $keypair = $rsa->createKey(4096); - return new self(Util::dos2unix($keypair['privatekey']), $protocol); - } elseif (hash_equals($protocol::header(), Version3::HEADER)) { + $protocol = $protocol ?? new Version4; + if (hash_equals($protocol::header(), Version3::HEADER)) { return new self( Util::dos2unix(SecretKey::generate(Version3::CURVE)->exportPem()), $protocol @@ -69,14 +61,11 @@ public static function generate(ProtocolInterface $protocol = null): AsymmetricS /** * @return AsymmetricSecretKey - * @throws PaserkException + * + * @throws Exception */ public function toPasetoKey(): AsymmetricSecretKey { - if ($this->protocol instanceof Version1) { - throw new PaserkException("Version 1 keys cannot be converted!"); - } - return new AsymmetricSecretKey( $this->key, $this->protocol @@ -92,11 +81,6 @@ public function toPasetoKey(): AsymmetricSecretKey public function getPublicKey(): AsymmetricPublicKey { switch ($this->protocol::header()) { - case Version1::HEADER: - return new SealingPublicKey( - Version1::RsaGetPublicKey($this->key), - $this->protocol - ); case Version3::HEADER: /** @var PublicKey $pk */ $pk = SecretKey::importPem($this->key)->getPublicKey(); diff --git a/src/Operations/PBKW.php b/src/Operations/PBKW.php index 59bcc69..d384efc 100644 --- a/src/Operations/PBKW.php +++ b/src/Operations/PBKW.php @@ -4,8 +4,6 @@ use ParagonIE\HiddenString\HiddenString; use ParagonIE\Paserk\Operations\PBKW\{ - PBKWv1, - PBKWv2, PBKWv3, PBKWv4 }; @@ -31,7 +29,7 @@ class PBKW const DOMAIN_SEPARATION_AUTH = "\xfe"; /** @var PBKWInterface $wrapper */ - protected $wrapper; + protected PBKWInterface $wrapper; /** * PBKW constructor. @@ -50,10 +48,6 @@ public function __construct(PBKWInterface $wrapper) public static function forVersion(ProtocolInterface $version): self { switch ($version::header()) { - case 'v1': - return new PBKW(new PBKWv1()); - case 'v2': - return new PBKW(new PBKWv2()); case 'v3': return new PBKW(new PBKWv3()); case 'v4': diff --git a/src/Operations/PBKW/PBKWv1.php b/src/Operations/PBKW/PBKWv1.php deleted file mode 100644 index dc3cdaf..0000000 --- a/src/Operations/PBKW/PBKWv1.php +++ /dev/null @@ -1,215 +0,0 @@ -getString(), $salt, $iterations, 32, true); - - // Step 3: - $Ek = Binary::safeSubstr( - hash( - 'sha384', - PBKW::DOMAIN_SEPARATION_ENCRYPT . $preKey, - true - ), - 0, - 32 - ); - /// @SPEC DETAIL: Must be prefixed with 0xFF - - // Step 4: - $Ak = hash('sha384', PBKW::DOMAIN_SEPARATION_AUTH . $preKey, true); - /// @SPEC DETAIL: ^ Must be prefixed with 0xFE - - // Step 5: - $nonce = random_bytes(16); - - // Step 6: - $edk = openssl_encrypt( - $key->raw(), - 'aes-256-ctr', - $Ek, - OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, - $nonce - ); - - // Step 7: - $tag = hash_hmac( - 'sha384', - $header . $salt . $iterPack . $nonce . $edk, - $Ak, - true - ); - - // Step 8: - return Base64UrlSafe::encodeUnpadded( - $salt . - $iterPack . - $nonce . - $edk . - $tag - ); - } - - /** - * @param string $header - * @param string $wrapped - * @param HiddenString $password - * @return KeyInterface - * @throws \Exception - */ - public function unwrapWithPassword( - string $header, - string $wrapped, - HiddenString $password - ): KeyInterface { - $decoded = Base64UrlSafe::decode($wrapped); - $decodedLen = Binary::safeStrlen($decoded); - - // Split into components - $salt = Binary::safeSubstr($decoded, 0, 32); - $iterPack = Binary::safeSubstr($decoded, 32, 4); - $nonce = Binary::safeSubstr($decoded, 36, 16); - $edk = Binary::safeSubstr($decoded, 52, $decodedLen - 100); - $tag = Binary::safeSubstr($decoded, $decodedLen - 48, 48); - - $iterations = unpack('N', $iterPack)[1]; - - // Step 2: - $preKey = hash_pbkdf2('sha384', $password->getString(), $salt, $iterations, 32, true); - - // Step 3: - $Ak = hash('sha384', PBKW::DOMAIN_SEPARATION_AUTH . $preKey, true); - /// @SPEC DETAIL: ^ Must be prefixed with 0xFE - - // Step 4: - $t2 = hash_hmac( - 'sha384', - $header . $salt . $iterPack . $nonce . $edk, - $Ak, - true - ); - - // Step 5: - if (!hash_equals($t2, $tag)) { - Util::wipe($t2); - Util::wipe($Ak); - throw new PaserkException('Invalid password or wrapped key'); - } - /// @SPEC DETAIL: This check must be constant-time. - - // Step 6: - $Ek = Binary::safeSubstr( - hash('sha384', PBKW::DOMAIN_SEPARATION_ENCRYPT . $preKey, true), - 0, - 32 - ); - /// @SPEC DETAIL: Must be prefixed with 0xFF - - // Step 7: - $ptk = openssl_decrypt( - $edk, - 'aes-256-ctr', - $Ek, - OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, - $nonce - ); - - // Step 8: - if (hash_equals($header, static::localHeader())) { - return new SymmetricKey($ptk, static::getProtocol()); - } - if (hash_equals($header, static::secretHeader())) { - return new AsymmetricSecretKey($ptk, static::getProtocol()); - } - throw new TypeError(); - } -} diff --git a/src/Operations/PBKW/PBKWv2.php b/src/Operations/PBKW/PBKWv2.php deleted file mode 100644 index 1d449bc..0000000 --- a/src/Operations/PBKW/PBKWv2.php +++ /dev/null @@ -1,216 +0,0 @@ -getString(), - $salt, - $ops, - $mem, - SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13 - ); - - // Step 3: - $Ek = sodium_crypto_generichash(PBKW::DOMAIN_SEPARATION_ENCRYPT . $preKey); - /// @SPEC DETAIL: ^ Must be prefixed with 0xFF for encryption - - // Step 4: - $Ak = sodium_crypto_generichash(PBKW::DOMAIN_SEPARATION_AUTH . $preKey); - /// @SPEC DETAIL: ^ Must be prefixed with 0xFE for authentication - - // Step 5: - $nonce = random_bytes(24); - - // Step 6: - $edk = sodium_crypto_stream_xchacha20_xor( - $key->raw(), - $nonce, - $Ek - ); - - // Step 7: - $tag = sodium_crypto_generichash( - $header . $salt . $memPack . $opsPack . $paraPack . $nonce . $edk, - $Ak - ); - - // Step 8: - return Base64UrlSafe::encodeUnpadded( - $salt . $memPack . $opsPack . $paraPack . $nonce . $edk . $tag - ); - } - - /** - * @param string $header - * @param string $wrapped - * @param HiddenString $password - * @return KeyInterface - * - * @throws Exception - * @throws PaserkException - * @throws SodiumException - * @throws TypeError - */ - public function unwrapWithPassword( - string $header, - string $wrapped, - HiddenString $password - ): KeyInterface { - $decoded = Base64UrlSafe::decode($wrapped); - $decodedLen = Binary::safeStrlen($decoded); - - $salt = Binary::safeSubstr($decoded, 0, 16); - $memPack = Binary::safeSubstr($decoded, 16, 8); - $opsPack = Binary::safeSubstr($decoded, 24, 4); - $paraPack = Binary::safeSubstr($decoded, 28, 4); - $nonce = Binary::safeSubstr($decoded, 32, 24); - $edk = Binary::safeSubstr($decoded, 56, $decodedLen - 88); - $tag = Binary::safeSubstr($decoded, $decodedLen - 32, 32); - $mem = unpack('J', $memPack)[1]; - $ops = unpack('N', $opsPack)[1]; - // Parallelism is not used in PHP, but we still store it as p=1 - if (!hash_equals($paraPack, "\x00\x00\x00\x01")) { - // Fail fast if an invalid parameter is provided - throw new PaserkException("Parallelism > 1 is not supported in PHP"); - } - - // Step 2: - $preKey = sodium_crypto_pwhash( - 32, - $password->getString(), - $salt, - $ops, - $mem, - SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13 - ); - - // Step 3: - $Ak = sodium_crypto_generichash(PBKW::DOMAIN_SEPARATION_AUTH . $preKey); - /// @SPEC DETAIL: ^ Must be prefixed with 0xFE for authentication - - // Step 4: - $t2 = sodium_crypto_generichash( - $header . $salt . $memPack . $opsPack . $paraPack . $nonce . $edk, - $Ak - ); - - // Step 5: - if (!hash_equals($t2, $tag)) { - throw new PaserkException('Invalid password or wrapped key'); - } - /// @SPEC DETAIL: This check must be constant-time. - - // Step 6: - $Ek = sodium_crypto_generichash(PBKW::DOMAIN_SEPARATION_ENCRYPT . $preKey); - /// @SPEC DETAIL: ^ Must be prefixed with 0xFF for encryption - - // Step 7: - $ptk = sodium_crypto_stream_xchacha20_xor( - $edk, - $nonce, - $Ek - ); - - // Step 8: - if (hash_equals($header, static::localHeader())) { - return new SymmetricKey($ptk, static::getProtocol()); - } - if (hash_equals($header, static::secretHeader())) { - return new AsymmetricSecretKey($ptk, static::getProtocol()); - } - throw new TypeError(); - } -} diff --git a/src/Operations/PBKW/PBKWv3.php b/src/Operations/PBKW/PBKWv3.php index cbaade3..07650ba 100644 --- a/src/Operations/PBKW/PBKWv3.php +++ b/src/Operations/PBKW/PBKWv3.php @@ -2,14 +2,42 @@ declare(strict_types=1); namespace ParagonIE\Paserk\Operations\PBKW; +use ParagonIE\ConstantTime\{ + Base64UrlSafe, + Binary +}; +use ParagonIE\HiddenString\HiddenString; +use ParagonIE\Paserk\Util; +use ParagonIE\Paserk\Operations\{ + PBKW, + PBKWInterface +}; +use ParagonIE\Paserk\PaserkException; +use ParagonIE\Paseto\KeyInterface; +use ParagonIE\Paseto\Keys\{ + AsymmetricSecretKey, + SymmetricKey +}; use ParagonIE\Paseto\Protocol\Version3; use ParagonIE\Paseto\ProtocolInterface; +use Exception; +use TypeError; +use function + hash, + hash_equals, + hash_hmac, + hash_pbkdf2, + openssl_decrypt, + openssl_encrypt, + pack, + random_bytes, + unpack; /** * Class PBKWv3 * @package ParagonIE\Paserk\Operations\PBKW */ -class PBKWv3 extends PBKWv1 +class PBKWv3 implements PBKWInterface { /** * @return string @@ -34,4 +62,154 @@ public static function getProtocol(): ProtocolInterface { return new Version3(); } + + /** + * @param KeyInterface $key + * @param HiddenString $password + * @param array $options + * @return string + * + * @throws Exception + * @throws PaserkException + */ + public function wrapWithPassword( + KeyInterface $key, + HiddenString $password, + array $options = [] + ): string { + if ($key instanceof SymmetricKey) { + $header = static::localHeader(); + } elseif ($key instanceof AsymmetricSecretKey) { + $header = static::secretHeader(); + } else { + throw new PaserkException('Invalid key type'); + } + + // Step 1: + $salt = random_bytes(32); + $iterations = $options['iterations'] ?? 100000; + $iterPack = pack('N', $iterations); + + // Step 2: + $preKey = hash_pbkdf2('sha384', $password->getString(), $salt, $iterations, 32, true); + + // Step 3: + $Ek = Binary::safeSubstr( + hash( + 'sha384', + PBKW::DOMAIN_SEPARATION_ENCRYPT . $preKey, + true + ), + 0, + 32 + ); + /// @SPEC DETAIL: Must be prefixed with 0xFF + + // Step 4: + $Ak = hash('sha384', PBKW::DOMAIN_SEPARATION_AUTH . $preKey, true); + /// @SPEC DETAIL: ^ Must be prefixed with 0xFE + + // Step 5: + $nonce = random_bytes(16); + + // Step 6: + $edk = openssl_encrypt( + $key->raw(), + 'aes-256-ctr', + $Ek, + OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, + $nonce + ); + + // Step 7: + $tag = hash_hmac( + 'sha384', + $header . $salt . $iterPack . $nonce . $edk, + $Ak, + true + ); + + // Step 8: + return Base64UrlSafe::encodeUnpadded( + $salt . + $iterPack . + $nonce . + $edk . + $tag + ); + } + + /** + * @param string $header + * @param string $wrapped + * @param HiddenString $password + * @return KeyInterface + * @throws \Exception + */ + public function unwrapWithPassword( + string $header, + string $wrapped, + HiddenString $password + ): KeyInterface { + $decoded = Base64UrlSafe::decode($wrapped); + $decodedLen = Binary::safeStrlen($decoded); + + // Split into components + $salt = Binary::safeSubstr($decoded, 0, 32); + $iterPack = Binary::safeSubstr($decoded, 32, 4); + $nonce = Binary::safeSubstr($decoded, 36, 16); + $edk = Binary::safeSubstr($decoded, 52, $decodedLen - 100); + $tag = Binary::safeSubstr($decoded, $decodedLen - 48, 48); + + $iterations = unpack('N', $iterPack)[1]; + + // Step 2: + $preKey = hash_pbkdf2('sha384', $password->getString(), $salt, $iterations, 32, true); + + // Step 3: + $Ak = hash('sha384', PBKW::DOMAIN_SEPARATION_AUTH . $preKey, true); + /// @SPEC DETAIL: ^ Must be prefixed with 0xFE + + // Step 4: + $t2 = hash_hmac( + 'sha384', + $header . $salt . $iterPack . $nonce . $edk, + $Ak, + true + ); + + // Step 5: + if (!hash_equals($t2, $tag)) { + Util::wipe($t2); + Util::wipe($Ak); + throw new PaserkException('Invalid password or wrapped key'); + } + /// @SPEC DETAIL: This check must be constant-time. + + // Step 6: + $Ek = Binary::safeSubstr( + hash('sha384', PBKW::DOMAIN_SEPARATION_ENCRYPT . $preKey, true), + 0, + 32 + ); + /// @SPEC DETAIL: Must be prefixed with 0xFF + + // Step 7: + $ptk = openssl_decrypt( + $edk, + 'aes-256-ctr', + $Ek, + OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, + $nonce + ); + + // Step 8: + if (hash_equals($header, static::localHeader())) { + return new SymmetricKey($ptk, static::getProtocol()); + } + if (hash_equals($header, static::secretHeader())) { + return new AsymmetricSecretKey($ptk, static::getProtocol()); + } + throw new TypeError(); + } } diff --git a/src/Operations/PBKW/PBKWv4.php b/src/Operations/PBKW/PBKWv4.php index 227b595..b4aead1 100644 --- a/src/Operations/PBKW/PBKWv4.php +++ b/src/Operations/PBKW/PBKWv4.php @@ -2,14 +2,40 @@ declare(strict_types=1); namespace ParagonIE\Paserk\Operations\PBKW; +use ParagonIE\ConstantTime\{ + Base64UrlSafe, + Binary +}; +use ParagonIE\HiddenString\HiddenString; +use ParagonIE\Paserk\Operations\{ + PBKW, + PBKWInterface +}; +use ParagonIE\Paserk\PaserkException; +use ParagonIE\Paseto\KeyInterface; +use ParagonIE\Paseto\Keys\{ + AsymmetricSecretKey, + SymmetricKey +}; use ParagonIE\Paseto\Protocol\Version4; use ParagonIE\Paseto\ProtocolInterface; +use Exception; +use SodiumException; +use TypeError; +use function + hash_equals, + sodium_crypto_generichash, + sodium_crypto_pwhash, + sodium_crypto_stream_xchacha20_xor, + pack, + random_bytes, + unpack; /** * Class PBKWv4 * @package ParagonIE\Paserk\Operations\PBKW */ -class PBKWv4 extends PBKWv2 +class PBKWv4 implements PBKWInterface { /** * @return string @@ -35,4 +61,156 @@ public static function getProtocol(): ProtocolInterface { return new Version4(); } + /** + * @param KeyInterface $key + * @param HiddenString $password + * @param array $options + * @return string + * + * @throws Exception + * @throws PaserkException + * @throws SodiumException + */ + public function wrapWithPassword( + KeyInterface $key, + HiddenString $password, + array $options = [] + ): string { + if ($key instanceof SymmetricKey) { + $header = static::localHeader(); + } elseif ($key instanceof AsymmetricSecretKey) { + $header = static::secretHeader(); + } else { + throw new PaserkException('Invalid key type'); + } + + $ops = $options['opslimit'] ?? SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE; + $mem = $options['memlimit'] ?? SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE; + $memPack = pack('J', $mem); + $opsPack = pack('N', $ops); + $paraPack = "\x00\x00\x00\x01"; // We can't set this in PHP + + // Step 1: + $salt = random_bytes(16); + + // Step 2: + $preKey = sodium_crypto_pwhash( + 32, + $password->getString(), + $salt, + $ops, + $mem, + SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13 + ); + + // Step 3: + $Ek = sodium_crypto_generichash(PBKW::DOMAIN_SEPARATION_ENCRYPT . $preKey); + /// @SPEC DETAIL: ^ Must be prefixed with 0xFF for encryption + + // Step 4: + $Ak = sodium_crypto_generichash(PBKW::DOMAIN_SEPARATION_AUTH . $preKey); + /// @SPEC DETAIL: ^ Must be prefixed with 0xFE for authentication + + // Step 5: + $nonce = random_bytes(24); + + // Step 6: + $edk = sodium_crypto_stream_xchacha20_xor( + $key->raw(), + $nonce, + $Ek + ); + + // Step 7: + $tag = sodium_crypto_generichash( + $header . $salt . $memPack . $opsPack . $paraPack . $nonce . $edk, + $Ak + ); + + // Step 8: + return Base64UrlSafe::encodeUnpadded( + $salt . $memPack . $opsPack . $paraPack . $nonce . $edk . $tag + ); + } + + /** + * @param string $header + * @param string $wrapped + * @param HiddenString $password + * @return KeyInterface + * + * @throws Exception + * @throws PaserkException + * @throws SodiumException + * @throws TypeError + */ + public function unwrapWithPassword( + string $header, + string $wrapped, + HiddenString $password + ): KeyInterface { + $decoded = Base64UrlSafe::decode($wrapped); + $decodedLen = Binary::safeStrlen($decoded); + + $salt = Binary::safeSubstr($decoded, 0, 16); + $memPack = Binary::safeSubstr($decoded, 16, 8); + $opsPack = Binary::safeSubstr($decoded, 24, 4); + $paraPack = Binary::safeSubstr($decoded, 28, 4); + $nonce = Binary::safeSubstr($decoded, 32, 24); + $edk = Binary::safeSubstr($decoded, 56, $decodedLen - 88); + $tag = Binary::safeSubstr($decoded, $decodedLen - 32, 32); + $mem = unpack('J', $memPack)[1]; + $ops = unpack('N', $opsPack)[1]; + // Parallelism is not used in PHP, but we still store it as p=1 + if (!hash_equals($paraPack, "\x00\x00\x00\x01")) { + // Fail fast if an invalid parameter is provided + throw new PaserkException("Parallelism > 1 is not supported in PHP"); + } + + // Step 2: + $preKey = sodium_crypto_pwhash( + 32, + $password->getString(), + $salt, + $ops, + $mem, + SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13 + ); + + // Step 3: + $Ak = sodium_crypto_generichash(PBKW::DOMAIN_SEPARATION_AUTH . $preKey); + /// @SPEC DETAIL: ^ Must be prefixed with 0xFE for authentication + + // Step 4: + $t2 = sodium_crypto_generichash( + $header . $salt . $memPack . $opsPack . $paraPack . $nonce . $edk, + $Ak + ); + + // Step 5: + if (!hash_equals($t2, $tag)) { + throw new PaserkException('Invalid password or wrapped key'); + } + /// @SPEC DETAIL: This check must be constant-time. + + // Step 6: + $Ek = sodium_crypto_generichash(PBKW::DOMAIN_SEPARATION_ENCRYPT . $preKey); + /// @SPEC DETAIL: ^ Must be prefixed with 0xFF for encryption + + // Step 7: + $ptk = sodium_crypto_stream_xchacha20_xor( + $edk, + $nonce, + $Ek + ); + + // Step 8: + if (hash_equals($header, static::localHeader())) { + return new SymmetricKey($ptk, static::getProtocol()); + } + if (hash_equals($header, static::secretHeader())) { + return new AsymmetricSecretKey($ptk, static::getProtocol()); + } + throw new TypeError(); + } } diff --git a/src/Operations/PKE.php b/src/Operations/PKE.php index fd813ed..d9026f2 100644 --- a/src/Operations/PKE.php +++ b/src/Operations/PKE.php @@ -3,8 +3,6 @@ namespace ParagonIE\Paserk\Operations; use ParagonIE\Paserk\Operations\PKE\{ - PKEv1, - PKEv2, PKEv3, PKEv4 }; @@ -31,7 +29,7 @@ class PKE const DOMAIN_SEPARATION_AUTH = "\x02"; /** @var ProtocolInterface $version */ - protected $version; + protected ProtocolInterface $version; public function __construct(ProtocolInterface $version) { @@ -65,20 +63,13 @@ public function seal(SymmetricKey $ptk, SealingPublicKey $pk): string */ public function getSealer(): PKEInterface { - switch ($this->version::header()) { - case 'v1': - return new PKEv1(); - case 'v2': - return new PKEv2(); - case 'v3': - return new PKEv3(); - case 'v4': - return new PKEv4(); - default: - throw new PaserkException( - 'Unknown version: ' . $this->version::header() - ); - } + return match ($this->version::header()) { + 'v3' => new PKEv3(), + 'v4' => new PKEv4(), + default => throw new PaserkException( + 'Unknown version: ' . $this->version::header() + ), + }; } /** diff --git a/src/Operations/PKE/PKEv1.php b/src/Operations/PKE/PKEv1.php deleted file mode 100644 index 1c64cbb..0000000 --- a/src/Operations/PKE/PKEv1.php +++ /dev/null @@ -1,244 +0,0 @@ -loadKey($pk->raw()); - $bitLength = Binary::safeStrlen($rsa->modulus->toBits()); - if ($bitLength !== 4096) { - throw new PaserkException('Public key modulus must be 4096 bits in size'); - } - /// @SPEC DETAIL: n > 2^4095 and n < (2^4096 + 1) - $exp = (int) $rsa->exponent->toString(); - if ($exp !== 65537) { - throw new PaserkException('Public key exponent must be 65537'); - } - /// @SPEC DETAIL: e == 65537 - - // We're using RSA-KEM, which means we work with unpadded RSA - $rsa->setEncryptionMode(RSA::ENCRYPTION_NONE); - - // Step 1: - // Generate a 4096-bit random integer, with clamping bits to ensure r < pk.n - $r = random_bytes(512); - $r0 = unpack('C', $r[0])[1]; - $r[0] = pack('C', ($r0 | 0x40) & 0x7f); - /*********************************************************************\ - * CRYPTOGRAPHY ENGINEERING NOTE FROM PARAGON INITIATIVE ENTERPRISES * - ********************************************************************* - * To illustrate what's happening here: * - * * - * r[0] = [xxxxxxxx] (unknown random bits) * - * r[0] | 0x40 = [x1xxxxxx] set second-highest bit * - * r[0] & 0x7f = [01xxxxxx] clear highest bit * - * * - * Given that we require N to be 4096 bits in length (see above * - * check), this guarantees that r < N (regardless of the remaining * - * `x` bits). * - * * - * It does, however, prevent multiplications from bailing out too * - * early (i.e. if we only cleared the highest bit) and leaking the * - * number of leading 0 bits in a given multiplication, since the * - * number of leading 0 bits is now always exactly 1. * - * * - * If we had a constant-time bigint compare function, we would have * - * used that instead of this bit of cleverness. * - \*********************************************************************/ - - // Step 2: - $c = $rsa->encrypt($r); - - // Step 3: - $x = hash_hmac( - 'sha384', - PKE::DOMAIN_SEPARATION_ENCRYPT . self::header() . $r, - hash('sha384', $c, true), - true - ); - /// @SPEC DETAIL: Prefix must be 0x01 for encryption keys - - $Ek = Binary::safeSubstr($x, 0, 32); - $nonce = Binary::safeSubstr($x, 32, 16); - - // Step 4: - $Ak = hash_hmac( - 'sha384', - PKE::DOMAIN_SEPARATION_AUTH . self::header() . $r, - hash('sha384', $c, true), - true - ); - /// @SPEC DETAIL: Prefix must be 0x02 for authentication keys - - // Step 5: - $edk = openssl_encrypt( - $ptk->raw(), - 'aes-256-ctr', - $Ek, - OPENSSL_NO_PADDING | OPENSSL_RAW_DATA, - $nonce - ); - - $t = hash_hmac('sha384', self::header() . $c . $edk, $Ak, true); - /// @SPEC DETAIL: header || c || edk, in that order - - Util::wipe($Ek); - Util::wipe($nonce); - Util::wipe($x); - Util::wipe($Ak); - return Base64UrlSafe::encodeUnpadded($t . $edk . $c); - } - - /** - * @link https://github.com/paseto-standard/paserk/blob/master/operations/PKE.md#v1-decryption - * - * @param string $header - * @param string $encoded - * @param SealingSecretKey $sk - * @return SymmetricKey - * - * @throws PaserkException - */ - public function unseal(string $header, string $encoded, SealingSecretKey $sk): SymmetricKey - { - $bin = Base64UrlSafe::decode($encoded); - $tag = Binary::safeSubstr($bin, 0, 48); - $edk = Binary::safeSubstr($bin, 48, 32); - $c = Binary::safeSubstr($bin, 80); - - // Step 1: - if (!hash_equals($header, self::header())) { - throw new PaserkException('Header mismatch'); - } - $rsa = Version1::getRsa(); - $rsa->loadKey($sk->raw()); - $rsa->setEncryptionMode(RSA::ENCRYPTION_NONE); - - $bitLength = Binary::safeStrlen($rsa->modulus->toBits()); - if ($bitLength !== 4096) { - throw new PaserkException('Public key modulus must be 4096 bits in size'); - } - /// @SPEC DETAIL: n > 2^4095 and n < (2^4096 + 1) - $exp = (int) $rsa->publicExponent->toString(); - if ($exp !== 65537) { - throw new PaserkException('Public key exponent must be 65537'); - } - /// @SPEC DETAIL: e == 65537 - - // Step 2: - $r = $rsa->decrypt($c); - - // Step 3: - $Ak = hash_hmac( - 'sha384', - PKE::DOMAIN_SEPARATION_AUTH . self::header() . $r, - hash('sha384', $c, true), - true - ); - /// @SPEC DETAIL: Prefix must be 0x02 for authentication keys - - // Step 4: - $t2 = hash_hmac('sha384', self::header() . $c . $edk, $Ak, true); - - // Step 5: - if (!hash_equals($t2, $tag)) { - Util::wipe($t2); - Util::wipe($Ak); - throw new PaserkException('Invalid auth tag'); - } - /// @SPEC DETAIL: This must be a constant-time compare. - - // Step 6: - $x = hash_hmac( - 'sha384', - PKE::DOMAIN_SEPARATION_ENCRYPT . self::header() . $r, - hash('sha384', $c, true), - true - ); - /// @SPEC DETAIL: Prefix must be 0x01 for encryption keys - $Ek = Binary::safeSubstr($x, 0, 32); - $nonce = Binary::safeSubstr($x, 32, 16); - - // Step 7: - $ptk = openssl_decrypt( - $edk, - 'aes-256-ctr', - $Ek, - OPENSSL_NO_PADDING | OPENSSL_RAW_DATA, - $nonce - ); - Util::wipe($Ek); - Util::wipe($nonce); - Util::wipe($x); - Util::wipe($Ak); - Util::wipe($t2); - - // Step 8: - return new SymmetricKey($ptk, new Version1()); - } -} diff --git a/src/Operations/PKE/PKEv2.php b/src/Operations/PKE/PKEv2.php deleted file mode 100644 index 9ef30cd..0000000 --- a/src/Operations/PKE/PKEv2.php +++ /dev/null @@ -1,184 +0,0 @@ -assertKeyVersion($pk); - - // Step 1: - $xpk = sodium_crypto_sign_ed25519_pk_to_curve25519($pk->raw()); - - // Step 2: - $eph_kp = sodium_crypto_box_keypair(); - $eph_sk = sodium_crypto_box_secretkey($eph_kp); - $eph_pk = sodium_crypto_box_publickey($eph_kp); - - // Step 3: - $xk = sodium_crypto_scalarmult($eph_sk, $xpk); - - // Step 4: - $Ek = sodium_crypto_generichash( - PKE::DOMAIN_SEPARATION_ENCRYPT . $header . $xk . $eph_pk . $xpk - ); - /// @SPEC DETAIL: Prefix is 0x01 for encryption keys - $Ak = sodium_crypto_generichash( - PKE::DOMAIN_SEPARATION_AUTH . $header . $xk . $eph_pk . $xpk - ); - /// @SPEC DETAIL: Prefix is 0x02 for authentication keys - $nonce = sodium_crypto_generichash($eph_pk . $xpk, '', 24); - - $edk = sodium_crypto_stream_xchacha20_xor( - $ptk->raw(), - $nonce, - $Ek - ); - $tag = sodium_crypto_generichash($header . $eph_pk . $edk, $Ak); - /// @SPEC DETAIL: h || epk || edk, in that order - Util::wipe($Ek); - Util::wipe($nonce); - Util::wipe($xk); - Util::wipe($Ak); - return Base64UrlSafe::encodeUnpadded($tag . $eph_pk . $edk); - } - - /** - * @link https://github.com/paseto-standard/paserk/blob/master/operations/PKE.md#v2v4-decryption - * - * @param string $header - * @param string $encoded - * @param SealingSecretKey $sk - * @return SymmetricKey - * - * @throws PaserkException - * @throws SodiumException - */ - public function unseal(string $header, string $encoded, SealingSecretKey $sk): SymmetricKey - { - $bin = Base64UrlSafe::decode($encoded); - $tag = Binary::safeSubstr($bin, 0, 32); - $eph_pk = Binary::safeSubstr($bin, 32, 32); - $edk = Binary::safeSubstr($bin, 64, 32); - - // Step 1: - if (!hash_equals($header, static::header())) { - throw new PaserkException('Header mismatch'); - } - $this->assertKeyVersion($sk); - - // Step 2: - $xsk = sodium_crypto_sign_ed25519_sk_to_curve25519($sk->raw()); - $xpk = sodium_crypto_sign_ed25519_pk_to_curve25519($sk->getPublicKey()->raw()); - - // Step 3: - $xk = sodium_crypto_scalarmult($xsk, $eph_pk); - - // Step 4: - $Ak = sodium_crypto_generichash( - PKE::DOMAIN_SEPARATION_AUTH . $header . $xk . $eph_pk . $xpk - ); - /// @SPEC DETAIL: Prefix is 0x02 for authentication keys - - // Step 5: - $t2 = sodium_crypto_generichash($header . $eph_pk . $edk, $Ak); - /// @SPEC DETAIL: h || epk || edk - - // Step 6: - if (!hash_equals($t2, $tag)) { - Util::wipe($t2); - Util::wipe($Ak); - throw new PaserkException('Invalid auth tag'); - } - /// @SPEC DETAIL: This must be a constant-time compare. - - // Step 7: - $Ek = sodium_crypto_generichash( - PKE::DOMAIN_SEPARATION_ENCRYPT . $header . $xk . $eph_pk . $xpk - ); - /// @SPEC DETAIL: Prefix is 0x01 for encryption keys - - // Step 8: - $nonce = sodium_crypto_generichash($eph_pk . $xpk, '', 24); - - // Step 9: - $ptk = sodium_crypto_stream_xchacha20_xor( - $edk, - $nonce, - $Ek - ); - Util::wipe($Ek); - Util::wipe($nonce); - Util::wipe($xk); - Util::wipe($xsk); - Util::wipe($Ak); - - // Step 10: - return new SymmetricKey($ptk, $sk->getProtocol()); - } -} diff --git a/src/Operations/PKE/PKEv4.php b/src/Operations/PKE/PKEv4.php index a3ac67a..47e173c 100644 --- a/src/Operations/PKE/PKEv4.php +++ b/src/Operations/PKE/PKEv4.php @@ -2,15 +2,46 @@ declare(strict_types=1); namespace ParagonIE\Paserk\Operations\PKE; -use ParagonIE\Paseto\Protocol\Version4; -use ParagonIE\Paseto\ProtocolInterface; +use ParagonIE\ConstantTime\{ + Base64UrlSafe, + Binary +}; +use ParagonIE\Paserk\Operations\Key\{ + SealingPublicKey, + SealingSecretKey +}; +use ParagonIE\Paserk\Operations\{ + PKE, + PKEInterface +}; +use ParagonIE\Paserk\PaserkException; +use ParagonIE\Paserk\Util; +use ParagonIE\Paseto\{ + Keys\SymmetricKey, + Protocol\Version4, + ProtocolInterface +}; +use SodiumException; +use function + hash_equals, + sodium_crypto_box_keypair, + sodium_crypto_box_publickey, + sodium_crypto_box_secretkey, + sodium_crypto_generichash, + sodium_crypto_scalarmult, + sodium_crypto_sign_ed25519_sk_to_curve25519, + sodium_crypto_sign_ed25519_pk_to_curve25519, + sodium_crypto_stream_xchacha20_xor; + /** * Class PKEv4 * @package ParagonIE\Paserk\Operations\PKE */ -class PKEv4 extends PKEv2 +class PKEv4 implements PKEInterface { + use PKETrait; + /** * @return string */ @@ -26,4 +57,129 @@ public static function getProtocol(): ProtocolInterface { return new Version4(); } + + /** + * @link https://github.com/paseto-standard/paserk/blob/master/operations/PKE.md#v2v4-encryption + * + * @param SymmetricKey $ptk + * @param SealingPublicKey $pk + * @return string + * + * @throws PaserkException + * @throws SodiumException + */ + public function seal(SymmetricKey $ptk, SealingPublicKey $pk): string + { + $header = static::header(); + $this->assertKeyVersion($pk); + + // Step 1: + $xpk = sodium_crypto_sign_ed25519_pk_to_curve25519($pk->raw()); + + // Step 2: + $eph_kp = sodium_crypto_box_keypair(); + $eph_sk = sodium_crypto_box_secretkey($eph_kp); + $eph_pk = sodium_crypto_box_publickey($eph_kp); + + // Step 3: + $xk = sodium_crypto_scalarmult($eph_sk, $xpk); + + // Step 4: + $Ek = sodium_crypto_generichash( + PKE::DOMAIN_SEPARATION_ENCRYPT . $header . $xk . $eph_pk . $xpk + ); + /// @SPEC DETAIL: Prefix is 0x01 for encryption keys + $Ak = sodium_crypto_generichash( + PKE::DOMAIN_SEPARATION_AUTH . $header . $xk . $eph_pk . $xpk + ); + /// @SPEC DETAIL: Prefix is 0x02 for authentication keys + $nonce = sodium_crypto_generichash($eph_pk . $xpk, '', 24); + + $edk = sodium_crypto_stream_xchacha20_xor( + $ptk->raw(), + $nonce, + $Ek + ); + $tag = sodium_crypto_generichash($header . $eph_pk . $edk, $Ak); + /// @SPEC DETAIL: h || epk || edk, in that order + Util::wipe($Ek); + Util::wipe($nonce); + Util::wipe($xk); + Util::wipe($Ak); + return Base64UrlSafe::encodeUnpadded($tag . $eph_pk . $edk); + } + + /** + * @link https://github.com/paseto-standard/paserk/blob/master/operations/PKE.md#v2v4-decryption + * + * @param string $header + * @param string $encoded + * @param SealingSecretKey $sk + * @return SymmetricKey + * + * @throws PaserkException + * @throws SodiumException + */ + public function unseal(string $header, string $encoded, SealingSecretKey $sk): SymmetricKey + { + $bin = Base64UrlSafe::decode($encoded); + $tag = Binary::safeSubstr($bin, 0, 32); + $eph_pk = Binary::safeSubstr($bin, 32, 32); + $edk = Binary::safeSubstr($bin, 64, 32); + + // Step 1: + if (!hash_equals($header, static::header())) { + throw new PaserkException('Header mismatch'); + } + $this->assertKeyVersion($sk); + + // Step 2: + $xsk = sodium_crypto_sign_ed25519_sk_to_curve25519($sk->raw()); + $xpk = sodium_crypto_sign_ed25519_pk_to_curve25519($sk->getPublicKey()->raw()); + + // Step 3: + $xk = sodium_crypto_scalarmult($xsk, $eph_pk); + + // Step 4: + $Ak = sodium_crypto_generichash( + PKE::DOMAIN_SEPARATION_AUTH . $header . $xk . $eph_pk . $xpk + ); + /// @SPEC DETAIL: Prefix is 0x02 for authentication keys + + // Step 5: + $t2 = sodium_crypto_generichash($header . $eph_pk . $edk, $Ak); + /// @SPEC DETAIL: h || epk || edk + + // Step 6: + if (!hash_equals($t2, $tag)) { + Util::wipe($t2); + Util::wipe($Ak); + throw new PaserkException('Invalid auth tag'); + } + /// @SPEC DETAIL: This must be a constant-time compare. + + // Step 7: + $Ek = sodium_crypto_generichash( + PKE::DOMAIN_SEPARATION_ENCRYPT . $header . $xk . $eph_pk . $xpk + ); + /// @SPEC DETAIL: Prefix is 0x01 for encryption keys + + // Step 8: + $nonce = sodium_crypto_generichash($eph_pk . $xpk, '', 24); + + // Step 9: + $ptk = sodium_crypto_stream_xchacha20_xor( + $edk, + $nonce, + $Ek + ); + Util::wipe($Ek); + Util::wipe($nonce); + Util::wipe($xk); + Util::wipe($xsk); + Util::wipe($Ak); + + // Step 10: + return new SymmetricKey($ptk, $sk->getProtocol()); + } } diff --git a/src/Operations/Wrap.php b/src/Operations/Wrap.php index ef749ae..bb40e52 100644 --- a/src/Operations/Wrap.php +++ b/src/Operations/Wrap.php @@ -18,7 +18,7 @@ class Wrap { /** @var WrapInterface $wrapper */ - protected $wrapper; + protected WrapInterface $wrapper; /** * Wrap constructor. diff --git a/src/Operations/Wrap/Pie.php b/src/Operations/Wrap/Pie.php index 8bc0c8e..761719f 100644 --- a/src/Operations/Wrap/Pie.php +++ b/src/Operations/Wrap/Pie.php @@ -3,7 +3,6 @@ namespace ParagonIE\Paserk\Operations\Wrap; use ParagonIE\ConstantTime\{ - Base64, Base64UrlSafe, Binary }; @@ -14,8 +13,6 @@ }; use ParagonIE\Paseto\ProtocolInterface; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -49,8 +46,7 @@ class Pie implements WrapInterface const DOMAIN_SEPARATION_ENCRYPT = "\x80"; const DOMAIN_SEPARATION_AUTH = "\x81"; - /** @var SymmetricKey $wrappingKey */ - protected $wrappingKey; + protected SymmetricKey $wrappingKey; /** * Pie constructor. @@ -91,11 +87,11 @@ public function wrapKey(string $header, KeyInterface $key): string // Step 1: Algorithm Lucidity $this->throwIfVersionsMismatch($key->getProtocol()); $protocol = $key->getProtocol(); - if ($protocol instanceof Version1 || $protocol instanceof Version3) { - return $this->wrapKeyV1V3($header, $key); + if ($protocol instanceof Version3) { + return $this->wrapKeyV3($header, $key); } - if ($protocol instanceof Version2 || $protocol instanceof Version4) { - return $this->wrapKeyV2V4($header, $key); + if ($protocol instanceof Version4) { + return $this->wrapKeyV4($header, $key); } throw new PaserkException('Unknown key version'); } @@ -110,7 +106,7 @@ public function wrapKey(string $header, KeyInterface $key): string * @return string * @throws Exception */ - protected function wrapKeyV1V3(string $header, KeyInterface $key): string + protected function wrapKeyV3(string $header, KeyInterface $key): string { // Step 2: $n = random_bytes(32); @@ -181,7 +177,7 @@ protected function wrapKeyV1V3(string $header, KeyInterface $key): string * @throws Exception * @throws SodiumException */ - protected function wrapKeyV2V4(string $header, KeyInterface $key): string + protected function wrapKeyV4(string $header, KeyInterface $key): string { // Step 2: $n = random_bytes(32); @@ -237,22 +233,10 @@ public function unwrapKey(string $wrapped): KeyInterface throw new PaserkException('Key is not wrapped with the PIE key-wrapping protocol'); } $header = implode('.', array_slice($pieces, 0, 3)) . '.'; - if (in_array($pieces[0], ['k1', 'k3'], true)) { + if ($pieces[0] === 'k3') { // We're in v1 or v3 mode. - $bytes = $this->unwrapKeyV1V3($header, $pieces[3]); - if ($pieces[0] === 'k1' && $pieces[1] === 'secret-wrap') { - // Handle RSA private keys - if (strpos($bytes, '-----BEGIN RSA PRIVATE KEY-----') !== 0) { - $b64 = Base64::encode($bytes); - $bytes = '-----BEGIN RSA PRIVATE KEY-----' . "\n" . - chunk_split($b64, 64, "\n") . - '-----END RSA PRIVATE KEY-----'; - } - if (Binary::safeStrlen($bytes) < 1600) { - throw new PaserkException("Unwrapped RSA secret key is too small"); - } - // If we're here, we have a valid PEM-encoded RSA private key. - } elseif ($pieces[0] === 'k3' && $pieces[1] === 'secret-wrap') { + $bytes = $this->unwrapKeyV3($header, $pieces[3]); + if ($pieces[1] === 'secret-wrap') { // Handle ECDSA private keys if (Binary::safeStrlen($bytes) !== 48) { throw new PaserkException("Unwrapped ECDSA secret key must be 48 bytes"); @@ -262,9 +246,9 @@ public function unwrapKey(string $wrapped): KeyInterface throw new PaserkException("Unwrapped local keys must be 32 bytes"); } // If we're here, we have a valid RSA/ECDSA secret key or 256-bit symmetric key. - } elseif (in_array($pieces[0], ['k2', 'k4'], true)) { + } elseif ($pieces[0] === 'k4') { // We're in v2 or v4 mode. - $bytes = $this->unwrapKeyV2V4($header, $pieces[3]); + $bytes = $this->unwrapKeyV4($header, $pieces[3]); if ($pieces[1] === 'secret-wrap') { if (Binary::safeStrlen($bytes) !== 64) { throw new PaserkException("Unwrapped Ed25519 secret keys must be 64 bytes"); @@ -301,7 +285,7 @@ public function unwrapKey(string $wrapped): KeyInterface * @return string * @throws PaserkException */ - protected function unwrapKeyV1V3(string $header, string $encoded): string + protected function unwrapKeyV3(string $header, string $encoded): string { // Step 1: $decoded = Base64UrlSafe::decode($encoded); @@ -376,7 +360,7 @@ protected function unwrapKeyV1V3(string $header, string $encoded): string * @throws PaserkException * @throws SodiumException */ - protected function unwrapKeyV2V4(string $header, string $encoded): string + protected function unwrapKeyV4(string $header, string $encoded): string { // Step 1: $decoded = Base64UrlSafe::decode($encoded); diff --git a/src/Types/PublicType.php b/src/Types/PublicType.php index 003d3f2..aacaa37 100644 --- a/src/Types/PublicType.php +++ b/src/Types/PublicType.php @@ -2,32 +2,25 @@ declare(strict_types=1); namespace ParagonIE\Paserk\Types; -use ParagonIE\ConstantTime\{ - Base64, - Base64UrlSafe, - Binary -}; use ParagonIE\Paserk\{ ConstraintTrait, PaserkException, PaserkTypeInterface, Util }; -use ParagonIE\Paseto\{ - Exception\InvalidVersionException, +use ParagonIE\Paseto\{Exception\InvalidVersionException, + Exception\PasetoException, KeyInterface, Keys\AsymmetricPublicKey, - Protocol\Version1, ProtocolCollection, - ProtocolInterface -}; + ProtocolInterface}; +use Exception; +use SodiumException; use function - chunk_split, count, explode, hash_equals, - implode, - preg_replace; + implode; /** * Class PublicType @@ -53,6 +46,7 @@ public function __construct(ProtocolInterface ...$versions) { * @return KeyInterface * * @throws PaserkException + * @throws Exception */ public function decode(string $paserk): KeyInterface { @@ -67,38 +61,18 @@ public function decode(string $paserk): KeyInterface $this->throwIfInvalidProtocol($version); /// @SPEC DETAIL: Algorithm Lucidity - if ($pieces[0] === 'k1') { - return $this->decodeV1($pieces[2]); - } return AsymmetricPublicKey::fromEncodedString( $pieces[2], $version ); } - /** - * @param string $encoded - * @return AsymmetricPublicKey - * @throws \Exception - */ - public function decodeV1(string $encoded): AsymmetricPublicKey - { - $raw = Base64UrlSafe::decode($encoded); - if (Binary::safeStrlen($raw) < 200) { - throw new PaserkException("Public key is too short"); - } - $b64 = Base64::encode($raw); - $pem = '-----BEGIN PUBLIC KEY-----' . "\n" . - chunk_split($b64, 64, "\n") . - '-----END PUBLIC KEY-----'; - return new AsymmetricPublicKey($pem, new Version1()); - } - /** * @param KeyInterface $key * @return string * * @throws PaserkException + * @throws PasetoException */ public function encode(KeyInterface $key): string { @@ -109,39 +83,14 @@ public function encode(KeyInterface $key): string /// @SPEC DETAIL: Algorithm Lucidity $version = Util::getPaserkHeader($key->getProtocol()); - switch ($version) { - case 'k1': - return implode('.', [ - $version, - self::getTypeLabel(), - $this->encodeV1($key->raw()) - ]); - case 'k2': - case 'k3': - case 'k4': - return implode('.', [ - $version, - self::getTypeLabel(), - $key->encode() - ]); - default: - throw new PaserkException('Unknown version'); - } - } - - /** - * @param string $pk - * @return string - */ - public function encodeV1(string $pk): string - { - $pem = preg_replace('#-{3,}(BEGIN|END) [^-]+-{3,}#', '', $pk); - $decoded = Base64::decode(preg_replace('#[^A-Za-z0-9+/]#', '', $pem)); - $length = Binary::safeStrlen($decoded); - if ($length < 292) { - throw new PaserkException("Public key is too short: {$length}"); - } - return Base64UrlSafe::encodeUnpadded($decoded); + return match ($version) { + 'k3', 'k4' => implode('.', [ + $version, + self::getTypeLabel(), + $key->encode() + ]), + default => throw new PaserkException('Unknown version'), + }; } /** @@ -157,8 +106,9 @@ public static function getTypeLabel(): string * * @param KeyInterface $key * @return string + * * @throws PaserkException - * @throws \SodiumException + * @throws SodiumException */ public function id(KeyInterface $key): string { diff --git a/src/Types/SecretType.php b/src/Types/SecretType.php index 9b8fef4..a747481 100644 --- a/src/Types/SecretType.php +++ b/src/Types/SecretType.php @@ -17,18 +17,16 @@ Exception\InvalidVersionException, KeyInterface, Keys\AsymmetricSecretKey, - Protocol\Version1, ProtocolCollection, ProtocolInterface }; use Exception; +use SodiumException; use function - chunk_split, count, explode, hash_equals, - implode, - preg_replace; + implode; /** * Class SecretType @@ -71,35 +69,11 @@ public function decode(string $paserk): KeyInterface $this->throwIfInvalidProtocol($version); /// @SPEC DETAIL: Algorithm Lucidity - if ($pieces[0] === 'k1') { - return $this->decodeV1($pieces[2]); - } $rawKey = Base64UrlSafe::decode($pieces[2]); $this->throwIfWrongKeyLength($version, Binary::safeStrlen($rawKey)); return new AsymmetricSecretKey($rawKey, $version); } - /** - * Special decoding rules for PASETO v1 secret keys - * - * @param string $encoded - * @return AsymmetricSecretKey - * @throws \Exception - */ - public function decodeV1(string $encoded): AsymmetricSecretKey - { - $raw = Base64UrlSafe::decode($encoded); - $length = Binary::safeStrlen($raw); - if ($length < 1180) { - throw new PaserkException("Secret key is too short: {$length}"); - } - $b64 = Base64::encode($raw); - $pem = '-----BEGIN RSA PRIVATE KEY-----' . "\n" . - chunk_split($b64, 64, "\n") . - '-----END RSA PRIVATE KEY-----'; - return new AsymmetricSecretKey($pem, new Version1()); - } - /** * Encode a PASETO secret key into a PASERK string * @@ -118,13 +92,6 @@ public function encode(KeyInterface $key): string $version = Util::getPaserkHeader($key->getProtocol()); switch ($version) { - case 'k1': - return implode('.', [ - $version, - self::getTypeLabel(), - $this->encodeV1($key->raw()) - ]); - case 'k2': case 'k3': case 'k4': $this->throwIfWrongKeyLength( @@ -141,25 +108,6 @@ public function encode(KeyInterface $key): string } } - /** - * Special encoding rules for PASETO v1 secret keys - * - * @param string $pk - * @return string - * - * @throws PaserkException - */ - public function encodeV1(string $pk): string - { - $pem = preg_replace('#-{3,}(BEGIN|END) [^-]+-{3,}#', '', $pk); - $decoded = Base64::decode(preg_replace('#[^A-Za-z0-9+/]#', '', $pem)); - $length = Binary::safeStrlen($decoded); - if ($length < 1180) { - throw new PaserkException("Secret key is too short: {$length}"); - } - return Base64UrlSafe::encodeUnpadded($decoded); - } - /** * @return string */ @@ -173,8 +121,9 @@ public static function getTypeLabel(): string * * @param KeyInterface $key * @return string + * * @throws PaserkException - * @throws \SodiumException + * @throws SodiumException */ public function id(KeyInterface $key): string { @@ -190,22 +139,16 @@ public function id(KeyInterface $key): string private function throwIfWrongKeyLength(ProtocolInterface $protocol, int $length): void { switch ($protocol::header()) { - case 'v1': - if ($length > 290) { + case 'v3': + if ($length > 47) { return; } break; - case 'v2': case 'v4': if ($length === 64) { return; } break; - case 'v3': - if ($length > 47) { - return; - } - break; } throw new PaserkException("Invalid secret key length: {$length}"); } diff --git a/src/Util.php b/src/Util.php index d779d70..94207e6 100644 --- a/src/Util.php +++ b/src/Util.php @@ -3,8 +3,6 @@ namespace ParagonIE\Paserk; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -28,18 +26,11 @@ class Util */ public static function getPasetoVersion(string $version): ProtocolInterface { - switch ($version) { - case 'k1': - return new Version1(); - case 'k2': - return new Version2(); - case 'k3': - return new Version3(); - case 'k4': - return new Version4(); - default: - throw new PaserkException('Invalid version provided'); - } + return match ($version) { + 'k3' => new Version3(), + 'k4' => new Version4(), + default => throw new PaserkException('Invalid version provided'), + }; } /** @@ -51,12 +42,6 @@ public static function getPasetoVersion(string $version): ProtocolInterface */ public static function getPaserkHeader(ProtocolInterface $pasetoVersion): string { - if ($pasetoVersion instanceof Version1) { - return 'k1'; - } - if ($pasetoVersion instanceof Version2) { - return 'k2'; - } if ($pasetoVersion instanceof Version3) { return 'k3'; } diff --git a/tests/KAT/LidTest.php b/tests/KAT/LidTest.php index 2319596..69c7774 100644 --- a/tests/KAT/LidTest.php +++ b/tests/KAT/LidTest.php @@ -9,8 +9,6 @@ use ParagonIE\Paseto\Keys\SymmetricKey; use ParagonIE\Paseto\ProtocolInterface; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -20,16 +18,6 @@ */ class LidTest extends KnownAnswers { - public function testV1() - { - $this->doJsonTest(new Version1(), 'k1.lid.json'); - } - - public function testV2() - { - $this->doJsonTest(new Version2(), 'k2.lid.json'); - } - public function testV3() { $this->doJsonTest(new Version3(), 'k3.lid.json'); diff --git a/tests/KAT/LocalPWTest.php b/tests/KAT/LocalPWTest.php index fc93f22..6971f14 100644 --- a/tests/KAT/LocalPWTest.php +++ b/tests/KAT/LocalPWTest.php @@ -8,8 +8,6 @@ use ParagonIE\Paserk\Types\LocalPW; use ParagonIE\Paserk\Tests\KnownAnswers; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -20,15 +18,6 @@ */ class LocalPWTest extends KnownAnswers { - public function testV1() - { - $this->doJsonTest(new Version1(), 'k1.local-pw.json'); - } - - public function testV2() - { - $this->doJsonTest(new Version2(), 'k2.local-pw.json'); - } public function testV3() { diff --git a/tests/KAT/LocalTest.php b/tests/KAT/LocalTest.php index b744f69..2ea0ab3 100644 --- a/tests/KAT/LocalTest.php +++ b/tests/KAT/LocalTest.php @@ -9,8 +9,6 @@ use ParagonIE\Paseto\Keys\SymmetricKey; use ParagonIE\Paseto\ProtocolInterface; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -20,16 +18,6 @@ */ class LocalTest extends KnownAnswers { - public function testV1() - { - $this->doJsonTest(new Version1(), 'k1.local.json'); - } - - public function testV2() - { - $this->doJsonTest(new Version2(), 'k2.local.json'); - } - public function testV3() { $this->doJsonTest(new Version3(), 'k3.local.json'); diff --git a/tests/KAT/LocalWrapPieTest.php b/tests/KAT/LocalWrapPieTest.php index ea67793..f9399e3 100644 --- a/tests/KAT/LocalWrapPieTest.php +++ b/tests/KAT/LocalWrapPieTest.php @@ -5,12 +5,11 @@ use ParagonIE\ConstantTime\Hex; use ParagonIE\Paserk\Operations\Wrap; use ParagonIE\Paserk\Operations\Wrap\Pie; +use ParagonIE\Paserk\PaserkException; use ParagonIE\Paserk\Types\LocalWrap; use ParagonIE\Paserk\Tests\KnownAnswers; use ParagonIE\Paseto\Keys\SymmetricKey; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -21,16 +20,6 @@ */ class LocalWrapPieTest extends KnownAnswers { - public function testV1() - { - $this->doJsonTest(new Version1(), 'k1.local-wrap.pie.json'); - } - - public function testV2() - { - $this->doJsonTest(new Version2(), 'k2.local-wrap.pie.json'); - } - public function testV3() { $this->doJsonTest(new Version3(), 'k3.local-wrap.pie.json'); @@ -45,6 +34,8 @@ public function testV4() * @param ProtocolInterface $version * @param string $name * @param array $tests + * + * @throws PaserkException */ protected function genericTest(ProtocolInterface $version, string $name, array $tests): void { diff --git a/tests/KAT/PidTest.php b/tests/KAT/PidTest.php index 171d8fc..c7412e7 100644 --- a/tests/KAT/PidTest.php +++ b/tests/KAT/PidTest.php @@ -6,14 +6,11 @@ use ParagonIE\ConstantTime\Hex; use ParagonIE\Paserk\PaserkException; use ParagonIE\Paserk\Tests\KnownAnswers; -use ParagonIE\Paserk\Types\Lid; use ParagonIE\Paserk\Types\Pid; use ParagonIE\Paseto\Exception\PasetoException; use ParagonIE\Paseto\Keys\AsymmetricPublicKey; use ParagonIE\Paseto\ProtocolInterface; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -23,16 +20,6 @@ */ class PidTest extends KnownAnswers { - public function testV1() - { - $this->doJsonTest(new Version1(), 'k1.pid.json'); - } - - public function testV2() - { - $this->doJsonTest(new Version2(), 'k2.pid.json'); - } - public function testV3() { $this->doJsonTest(new Version3(), 'k3.pid.json'); @@ -48,9 +35,6 @@ public function testV4() */ protected function getPublicKey(ProtocolInterface $version, string $key): AsymmetricPublicKey { - if ($version instanceof Version1) { - return new AsymmetricPublicKey($key, $version); - } return new AsymmetricPublicKey(Hex::decode($key), $version); } diff --git a/tests/KAT/PublicTest.php b/tests/KAT/PublicTest.php index 7070a11..c361d6b 100644 --- a/tests/KAT/PublicTest.php +++ b/tests/KAT/PublicTest.php @@ -12,8 +12,6 @@ use ParagonIE\Paseto\Keys\AsymmetricPublicKey; use ParagonIE\Paseto\ProtocolInterface; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -23,16 +21,6 @@ */ class PublicTest extends KnownAnswers { - public function testV1() - { - $this->doJsonTest(new Version1(), 'k1.public.json'); - } - - public function testV2() - { - $this->doJsonTest(new Version2(), 'k2.public.json'); - } - public function testV3() { $this->doJsonTest(new Version3(), 'k3.public.json'); @@ -45,9 +33,6 @@ public function testV4() protected function getPublicKey(ProtocolInterface $version, string $key): AsymmetricPublicKey { - if ($version instanceof Version1) { - return new AsymmetricPublicKey($key, $version); - } return new AsymmetricPublicKey(Hex::decode($key), $version); } diff --git a/tests/KAT/SealTest.php b/tests/KAT/SealTest.php index 9eee8a4..b57e0a0 100644 --- a/tests/KAT/SealTest.php +++ b/tests/KAT/SealTest.php @@ -12,8 +12,6 @@ SealingPublicKey }; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -24,16 +22,6 @@ */ class SealTest extends KnownAnswers { - public function testV1() - { - $this->doJsonTest(new Version1(), 'k1.seal.json'); - } - - public function testV2() - { - $this->doJsonTest(new Version2(), 'k2.seal.json'); - } - public function testV3() { $this->doJsonTest(new Version3(), 'k3.seal.json'); @@ -51,7 +39,7 @@ public function testV4() protected function genericTest(ProtocolInterface $version, string $name, array $tests): void { foreach ($tests as $test) { - if ($version::header() === 'v1' || $version::header() === 'v3') { + if ($version::header() === 'v3') { $sk = new SealingSecretKey($test['sealing-secret-key'], $version); $pk = new SealingPublicKey($test['sealing-public-key'], $version); } else { diff --git a/tests/KAT/SecretPWTest.php b/tests/KAT/SecretPWTest.php index fe4eaf5..cf6b1bb 100644 --- a/tests/KAT/SecretPWTest.php +++ b/tests/KAT/SecretPWTest.php @@ -8,8 +8,6 @@ use ParagonIE\Paserk\Types\SecretPW; use ParagonIE\Paserk\Tests\KnownAnswers; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -20,16 +18,6 @@ */ class SecretPWTest extends KnownAnswers { - public function testV1() - { - $this->doJsonTest(new Version1(), 'k1.secret-pw.json'); - } - - public function testV2() - { - $this->doJsonTest(new Version2(), 'k2.secret-pw.json'); - } - public function testV3() { $this->doJsonTest(new Version3(), 'k3.secret-pw.json'); diff --git a/tests/KAT/SecretTest.php b/tests/KAT/SecretTest.php index 4d3fe89..8da2248 100644 --- a/tests/KAT/SecretTest.php +++ b/tests/KAT/SecretTest.php @@ -12,8 +12,6 @@ use ParagonIE\Paseto\Keys\AsymmetricSecretKey; use ParagonIE\Paseto\ProtocolInterface; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -23,16 +21,6 @@ */ class SecretTest extends KnownAnswers { - public function testV1() - { - $this->doJsonTest(new Version1(), 'k1.secret.json'); - } - - public function testV2() - { - $this->doJsonTest(new Version2(), 'k2.secret.json'); - } - public function testV3() { $this->doJsonTest(new Version3(), 'k3.secret.json'); @@ -45,9 +33,6 @@ public function testV4() protected function getSecretKey(ProtocolInterface $version, string $key): AsymmetricSecretKey { - if ($version instanceof Version1) { - return new AsymmetricSecretKey($key, $version); - } return new AsymmetricSecretKey(Hex::decode($key), $version); } @@ -79,17 +64,10 @@ protected function genericTest(ProtocolInterface $version, string $name, array $ continue; } $secretkey = $this->getSecretKey($version, $test['key']); - if ($version instanceof Version1) { - $this->assertSame( - $test['public-key'], - $secretkey->getPublicKey()->raw() - ); - } else { - $this->assertSame( - $test['public-key'], - Hex::encode($secretkey->getPublicKey()->raw()) - ); - } + $this->assertSame( + $test['public-key'], + Hex::encode($secretkey->getPublicKey()->raw()) + ); $this->assertSame($test['paserk'], $secret->encode($secretkey), $test['name']); } } diff --git a/tests/KAT/SecretWrapPieTest.php b/tests/KAT/SecretWrapPieTest.php index 3500c6f..1c0adbf 100644 --- a/tests/KAT/SecretWrapPieTest.php +++ b/tests/KAT/SecretWrapPieTest.php @@ -5,12 +5,11 @@ use ParagonIE\ConstantTime\Hex; use ParagonIE\Paserk\Operations\Wrap; use ParagonIE\Paserk\Operations\Wrap\Pie; +use ParagonIE\Paserk\PaserkException; use ParagonIE\Paserk\Types\SecretWrap; use ParagonIE\Paserk\Tests\KnownAnswers; use ParagonIE\Paseto\Keys\SymmetricKey; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -21,16 +20,6 @@ */ class SecretWrapPieTest extends KnownAnswers { - public function testV1() - { - $this->doJsonTest(new Version1(), 'k1.secret-wrap.pie.json'); - } - - public function testV2() - { - $this->doJsonTest(new Version2(), 'k2.secret-wrap.pie.json'); - } - public function testV3() { $this->doJsonTest(new Version3(), 'k3.secret-wrap.pie.json'); @@ -45,6 +34,8 @@ public function testV4() * @param ProtocolInterface $version * @param string $name * @param array $tests + * + * @throws PaserkException */ protected function genericTest(ProtocolInterface $version, string $name, array $tests): void { @@ -60,16 +51,11 @@ protected function genericTest(ProtocolInterface $version, string $name, array $ $this->fail($name . ' > ' . $test['name'] . ': '. $test['comment']); } $unwrapped = $wrapper->decode($test['paserk']); - - if ($version instanceof Version1) { - $this->assertSame($test['unwrapped'], $unwrapped->raw(), $test['name']); - } else { - $this->assertSame( - $test['unwrapped'], - Hex::encode($unwrapped->raw()), - $test['name'] - ); - } + $this->assertSame( + $test['unwrapped'], + Hex::encode($unwrapped->raw()), + $test['name'] + ); } } } diff --git a/tests/KAT/SidTest.php b/tests/KAT/SidTest.php index cd2a801..9b032e5 100644 --- a/tests/KAT/SidTest.php +++ b/tests/KAT/SidTest.php @@ -11,8 +11,6 @@ use ParagonIE\Paseto\Keys\AsymmetricSecretKey; use ParagonIE\Paseto\ProtocolInterface; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -22,16 +20,6 @@ */ class SidTest extends KnownAnswers { - public function testV1() - { - $this->doJsonTest(new Version1(), 'k1.sid.json'); - } - - public function testV2() - { - $this->doJsonTest(new Version2(), 'k2.sid.json'); - } - public function testV3() { $this->doJsonTest(new Version3(), 'k3.sid.json'); @@ -44,9 +32,6 @@ public function testV4() protected function getSecretKey(ProtocolInterface $version, string $key): AsymmetricSecretKey { - if ($version instanceof Version1) { - return new AsymmetricSecretKey($key, $version); - } return new AsymmetricSecretKey(Hex::decode($key), $version); } diff --git a/tests/KnownAnswers.php b/tests/KnownAnswers.php index 600a5fb..1e02f97 100644 --- a/tests/KnownAnswers.php +++ b/tests/KnownAnswers.php @@ -6,8 +6,6 @@ use ParagonIE\Paseto\ProtocolInterface; use PHPUnit\Framework\TestCase; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -23,7 +21,7 @@ abstract class KnownAnswers extends TestCase public function setUp(): void { $this->dir = __DIR__ . '/test-vectors'; - $this->versions = [new Version1, new Version2, new Version3, new Version4]; + $this->versions = [new Version3, new Version4]; } /** @@ -63,24 +61,16 @@ protected function loadTestFile(string $filename): array return $decodedFile; } + /** + * @throws \Exception + */ protected function getProtocol(string $test): ProtocolInterface { $header = Binary::safeSubstr($test, 0, 2); - switch ($header) { - case 'v1': - case 'k1': - return new Version1(); - case 'v2': - case 'k2': - return new Version2(); - case 'v3': - case 'k3': - return new Version3(); - case 'v4': - case 'k4': - return new Version4(); - default: - throw new \Exception("Unknown protocol: {$test}"); - } + return match ($header) { + 'v3', 'k3' => new Version3(), + 'v4', 'k4' => new Version4(), + default => throw new \Exception("Unknown protocol: {$test}"), + }; } } diff --git a/tests/Operations/PBKWTest.php b/tests/Operations/PBKWTest.php index 378c6a8..b7646dd 100644 --- a/tests/Operations/PBKWTest.php +++ b/tests/Operations/PBKWTest.php @@ -8,8 +8,6 @@ use ParagonIE\Paseto\Keys\AsymmetricSecretKey; use ParagonIE\Paseto\Keys\SymmetricKey; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -30,8 +28,6 @@ class PBKWTest extends TestCase public function setUp(): void { $this->versions = [ - new Version1(), - new Version2(), new Version3(), new Version4(), ]; diff --git a/tests/Operations/PKE/PKEv1Test.php b/tests/Operations/PKE/PKEv1Test.php deleted file mode 100644 index 5a9853e..0000000 --- a/tests/Operations/PKE/PKEv1Test.php +++ /dev/null @@ -1,44 +0,0 @@ -v1sk = SealingSecretKey::generate(new Version1()); - $this->v1pk = $this->v1sk->getPublicKey(); - } - - public function testSealUnseal() - { - $sym = SymmetricKey::generate(new Version1()); - $pkev1 = new PKEv1(); - - $sealed = $pkev1->seal($sym, $this->v1pk); - $unsealed =$pkev1->unseal($pkev1::header(), $sealed, $this->v1sk); - $this->assertSame( - $unsealed->encode(), - $sym->encode() - ); - } -} diff --git a/tests/Operations/PKETest.php b/tests/Operations/PKETest.php index 0245ac8..47acbed 100644 --- a/tests/Operations/PKETest.php +++ b/tests/Operations/PKETest.php @@ -7,8 +7,6 @@ use ParagonIE\Paserk\Operations\PKE; use ParagonIE\Paseto\Keys\SymmetricKey; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -29,8 +27,6 @@ class PKETest extends TestCase public function setUp(): void { $this->versions = [ - new Version1(), - new Version2(), new Version3(), new Version4() ]; diff --git a/tests/Operations/Wrap/PieTest.php b/tests/Operations/Wrap/PieTest.php index 3a00040..c031022 100644 --- a/tests/Operations/Wrap/PieTest.php +++ b/tests/Operations/Wrap/PieTest.php @@ -6,8 +6,6 @@ use ParagonIE\Paseto\Keys\AsymmetricPublicKey; use ParagonIE\Paseto\Keys\AsymmetricSecretKey; use ParagonIE\Paseto\Keys\SymmetricKey; -use ParagonIE\Paseto\Protocol\Version1; -use ParagonIE\Paseto\Protocol\Version2; use ParagonIE\Paseto\Protocol\Version3; use ParagonIE\Paseto\Protocol\Version4; use PHPUnit\Framework\TestCase; @@ -20,37 +18,27 @@ */ class PieTest extends TestCase { - protected $v1 = []; - protected $v2 = []; protected $v3 = []; protected $v4 = []; public function setUp(): void { - $v1sk = AsymmetricSecretKey::generate(new Version1()); - $v2sk = AsymmetricSecretKey::generate(new Version2()); $v3sk = AsymmetricSecretKey::generate(new Version3()); $v4sk = AsymmetricSecretKey::generate(new Version4()); - $v1sym = SymmetricKey::generate(new Version1()); - $v2sym = SymmetricKey::generate(new Version2()); $v3sym = SymmetricKey::generate(new Version3()); $v4sym = SymmetricKey::generate(new Version4()); - $v1wk = SymmetricKey::generate(new Version1()); - $v2wk = SymmetricKey::generate(new Version2()); $v3wk = SymmetricKey::generate(new Version3()); $v4wk = SymmetricKey::generate(new Version4()); - $this->v1 = ['header' => 'k1', 'wk' => $v1wk, 'sk' => $v1sk, 'sym' => $v1sym]; - $this->v2 = ['header' => 'k2', 'wk' => $v2wk, 'sk' => $v2sk, 'sym' => $v2sym]; $this->v3 = ['header' => 'k3', 'wk' => $v3wk, 'sk' => $v3sk, 'sym' => $v3sym]; $this->v4 = ['header' => 'k4', 'wk' => $v4wk, 'sk' => $v4sk, 'sym' => $v4sym]; } public function testWrapUnwrap() { - foreach ([$this->v1, $this->v2, $this->v3, $this->v4] as $vers) { + foreach ([$this->v3, $this->v4] as $vers) { $pie = new Pie($vers['wk']); /** @var SymmetricKey $sym */ diff --git a/tests/Operations/WrapTest.php b/tests/Operations/WrapTest.php index 74c07be..7f55ac0 100644 --- a/tests/Operations/WrapTest.php +++ b/tests/Operations/WrapTest.php @@ -6,8 +6,6 @@ use ParagonIE\Paserk\Operations\Wrap\Pie; use ParagonIE\Paseto\Keys\AsymmetricSecretKey; use ParagonIE\Paseto\Keys\SymmetricKey; -use ParagonIE\Paseto\Protocol\Version1; -use ParagonIE\Paseto\Protocol\Version2; use ParagonIE\Paseto\Protocol\Version3; use ParagonIE\Paseto\Protocol\Version4; use PHPUnit\Framework\TestCase; @@ -21,38 +19,27 @@ */ class WrapTest extends TestCase { - - protected $v1 = []; - protected $v2 = []; protected $v3 = []; protected $v4 = []; public function setUp(): void { - $v1sk = AsymmetricSecretKey::generate(new Version1()); - $v2sk = AsymmetricSecretKey::generate(new Version2()); $v3sk = AsymmetricSecretKey::generate(new Version3()); $v4sk = AsymmetricSecretKey::generate(new Version4()); - $v1sym = SymmetricKey::generate(new Version1()); - $v2sym = SymmetricKey::generate(new Version2()); $v3sym = SymmetricKey::generate(new Version3()); $v4sym = SymmetricKey::generate(new Version4()); - $v1wk = SymmetricKey::generate(new Version1()); - $v2wk = SymmetricKey::generate(new Version2()); $v3wk = SymmetricKey::generate(new Version3()); $v4wk = SymmetricKey::generate(new Version4()); - $this->v1 = ['header' => 'k1', 'wk' => $v1wk, 'sk' => $v1sk, 'sym' => $v1sym]; - $this->v2 = ['header' => 'k2', 'wk' => $v2wk, 'sk' => $v2sk, 'sym' => $v2sym]; $this->v3 = ['header' => 'k3', 'wk' => $v3wk, 'sk' => $v3sk, 'sym' => $v3sym]; $this->v4 = ['header' => 'k4', 'wk' => $v4wk, 'sk' => $v4sk, 'sym' => $v4sym]; } public function testWrapPie() { - foreach ([$this->v1, $this->v2, $this->v3, $this->v4] as $vers) { + foreach ([$this->v3, $this->v4] as $vers) { /** @var SymmetricKey $sym */ $sym = $vers['sym']; /** @var AsymmetricSecretKey $sk */ diff --git a/tests/Types/LocalPWTest.php b/tests/Types/LocalPWTest.php index e3d4840..c485c64 100644 --- a/tests/Types/LocalPWTest.php +++ b/tests/Types/LocalPWTest.php @@ -6,8 +6,6 @@ use ParagonIE\Paserk\Types\LocalPW; use ParagonIE\Paseto\Keys\SymmetricKey; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -28,8 +26,6 @@ class LocalPWTest extends TestCase public function setUp(): void { $this->versions = [ - new Version1(), - new Version2(), new Version3(), new Version4() ]; diff --git a/tests/Types/LocalTest.php b/tests/Types/LocalTest.php index f964786..b5b8a98 100644 --- a/tests/Types/LocalTest.php +++ b/tests/Types/LocalTest.php @@ -8,8 +8,6 @@ use ParagonIE\Paseto\Keys\AsymmetricSecretKey; use ParagonIE\Paseto\Keys\SymmetricKey; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -23,15 +21,11 @@ */ class LocalTest extends TestCase { - protected $v1key; - protected $v2key; protected $v3key; protected $v4key; public function setUp(): void { - $this->v1key = SymmetricKey::generate(new Version1()); - $this->v2key = SymmetricKey::generate(new Version2()); $this->v3key = SymmetricKey::generate(new Version3()); $this->v4key = SymmetricKey::generate(new Version4()); } @@ -42,7 +36,7 @@ public function setUp(): void public function testEncode() { /** @var SymmetricKey $key */ - foreach ([$this->v1key, $this->v2key, $this->v3key, $this->v4key] as $key) { + foreach ([$this->v3key, $this->v4key] as $key) { $local = new Local($key->getProtocol()); $encoded = $local->encode($key); $decoded = $local->decode($encoded); @@ -60,9 +54,9 @@ public function testRejectPublic() $local = new Local(); $public = new PublicType(); - $v2pub = $public->encode($keypair->getPublicKey()); + $v4pub = $public->encode($keypair->getPublicKey()); $this->expectException(PaserkException::class); - $local->decode($v2pub); + $local->decode($v4pub); } } diff --git a/tests/Types/LocalWrapTest.php b/tests/Types/LocalWrapTest.php index a69f64d..09ca1a0 100644 --- a/tests/Types/LocalWrapTest.php +++ b/tests/Types/LocalWrapTest.php @@ -6,8 +6,6 @@ use ParagonIE\Paserk\Types\LocalWrap; use ParagonIE\Paseto\Keys\SymmetricKey; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -21,16 +19,11 @@ */ class LocalWrapTest extends TestCase { - - protected $v1key; - protected $v2key; - protected $v3key; - protected $v4key; + protected SymmetricKey $v3key; + protected SymmetricKey $v4key; public function setUp(): void { - $this->v1key = SymmetricKey::generate(new Version1()); - $this->v2key = SymmetricKey::generate(new Version2()); $this->v3key = SymmetricKey::generate(new Version3()); $this->v4key = SymmetricKey::generate(new Version4()); } @@ -38,7 +31,7 @@ public function setUp(): void public function testWrap() { /** @var SymmetricKey $key */ - foreach ([$this->v1key, $this->v2key, $this->v3key, $this->v4key] as $key) { + foreach ([$this->v3key, $this->v4key] as $key) { // Generate wrapping key $version = $key->getProtocol(); $wk = SymmetricKey::generate($version); diff --git a/tests/Types/PublicTest.php b/tests/Types/PublicTest.php index 9b529ff..44933de 100644 --- a/tests/Types/PublicTest.php +++ b/tests/Types/PublicTest.php @@ -22,91 +22,41 @@ */ class PublicTest extends TestCase { - /** @var AsymmetricPublicKey $v1pk */ - protected $v1pk; - /** @var AsymmetricPublicKey $v2pk */ - protected $v2pk; - /** @var AsymmetricPublicKey $v3pk */ - protected $v3pk; - /** @var AsymmetricPublicKey $v4pk */ - protected $v4pk; - /** @var AsymmetricSecretKey $v1sk */ - protected $v1sk; - /** @var AsymmetricSecretKey $v2sk */ - protected $v2sk; - /** @var AsymmetricSecretKey $v3sk */ - protected $v3sk; - /** @var AsymmetricSecretKey $v4sk */ - protected $v4sk; - /** @var string $rsaPublicKey */ - protected $rsaPublicKey; + protected AsymmetricPublicKey $v3pk; + protected AsymmetricPublicKey $v4pk; + protected AsymmetricSecretKey $v3sk; + protected AsymmetricSecretKey $v4sk; /** * @throws \Exception */ public function setUp(): void { - $this->v1sk = AsymmetricSecretKey::generate(new Version1()); - $this->v1pk = $this->v1sk->getPublicKey(); - $this->v2sk = AsymmetricSecretKey::generate(new Version2()); - $this->v2pk = $this->v2sk->getPublicKey(); $this->v3sk = AsymmetricSecretKey::generate(new Version3()); $this->v3pk = $this->v3sk->getPublicKey(); $this->v4sk = AsymmetricSecretKey::generate(new Version4()); $this->v4pk = $this->v4sk->getPublicKey(); - - $this->rsaPublicKey = '-----BEGIN PUBLIC KEY-----' . "\n" . - 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaTgTt53ph3p5GHgwoGW' . "\n" . - 'wz5hRfWXSQA08NCOwe0FEgALWos9GCjNFCd723nCHxBtN1qd74MSh/uN88JPIbwx' . "\n" . - 'KheDp4kxo4YMN5trPaF0e9G6Bj1N02HnanxFLW+gmLbgYO/SZYfWF/M8yLBcu5Y1' . "\n" . - 'Ot0ZxDDDXS9wIQTtBE0ne3YbxgZJAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAA' . "\n" . - 'pVRuUI2Sd6L1E2vl9bSBumZ5IpNxkRnAwIMjeTJB/0AIELh0mE5vwdihOCbdV6al' . "\n" . - 'UyhKC1+1w/FW6HWcp/JG1kKC8DPIidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8' . "\n" . - 'owIDAQAB' . "\n" . - '-----END PUBLIC KEY-----'; } public function testEncodeDecode() { /** @var AsymmetricPublicKey $key */ - foreach ([$this->v1pk, $this->v2pk, $this->v3pk, $this->v4pk] as $key) { + foreach ([$this->v3pk, $this->v4pk] as $key) { $public = new PublicType($key->getProtocol()); $encoded = $public->encode($key); $decoded = $public->decode($encoded); - if ($key->getProtocol() instanceof Version1) { - // Compare raw -> compare PEM-encoded - $this->assertSame( - $key->raw(), - $decoded->raw(), - 'Key encoding failed: ' . $encoded - ); - } else { - $this->assertSame( - $key->encode(), - $decoded->encode(), - 'Key encoding failed: ' . $encoded - ); - } + $this->assertSame( + $key->encode(), + $decoded->encode(), + 'Key encoding failed: ' . $encoded + ); } } - public function testEncodeDecodeV1() - { - $public = new PublicType(); - $encoded = 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaTgTt53ph3p5GHgwoGWwz5hRfWX' . - 'SQA08NCOwe0FEgALWos9GCjNFCd723nCHxBtN1qd74MSh_uN88JPIbwxKheDp4kxo4YMN5tr' . - 'PaF0e9G6Bj1N02HnanxFLW-gmLbgYO_SZYfWF_M8yLBcu5Y1Ot0ZxDDDXS9wIQTtBE0ne3Yb' . - 'xgZJAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAApVRuUI2Sd6L1E2vl9bSBumZ5IpNxkRnA' . - 'wIMjeTJB_0AIELh0mE5vwdihOCbdV6alUyhKC1-1w_FW6HWcp_JG1kKC8DPIidZ78Bbqv9YF' . - 'zkAbNni5eSBOsXVBKG78Zsc8owIDAQAB'; - $this->assertSame($encoded, $public->encodeV1($this->rsaPublicKey)); - $this->assertSame($this->rsaPublicKey, $public->decodeV1($encoded)->raw()); - } - public function testRejectSecret() { $public = new PublicType(); $this->expectException(PaserkException::class); - $public->encode($this->v1sk); + $public->encode($this->v3sk); } } diff --git a/tests/Types/SealTest.php b/tests/Types/SealTest.php index d2517ef..e4029cf 100644 --- a/tests/Types/SealTest.php +++ b/tests/Types/SealTest.php @@ -14,8 +14,6 @@ }; use ParagonIE\Paseto\Keys\SymmetricKey; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -37,8 +35,6 @@ class SealTest extends TestCase public function setUp(): void { $this->versions = [ - new Version1(), - new Version2(), new Version3(), new Version4() ]; diff --git a/tests/Types/SecretPWTest.php b/tests/Types/SecretPWTest.php index f3ba47e..71a73b2 100644 --- a/tests/Types/SecretPWTest.php +++ b/tests/Types/SecretPWTest.php @@ -6,8 +6,6 @@ use ParagonIE\Paserk\Types\SecretPW; use ParagonIE\Paseto\Keys\AsymmetricSecretKey; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -28,8 +26,6 @@ class SecretPWTest extends TestCase public function setUp(): void { $this->versions = [ - new Version1(), - new Version2(), new Version3(), new Version4() ]; diff --git a/tests/Types/SecretTest.php b/tests/Types/SecretTest.php index 2b5d25a..14ba21f 100644 --- a/tests/Types/SecretTest.php +++ b/tests/Types/SecretTest.php @@ -7,8 +7,6 @@ AsymmetricSecretKey }; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -23,32 +21,16 @@ */ class SecretTest extends TestCase { - /** @var AsymmetricPublicKey $v1pk */ - protected $v1pk; - /** @var AsymmetricPublicKey $v2pk */ - protected $v2pk; - /** @var AsymmetricPublicKey $v3pk */ - protected $v3pk; - /** @var AsymmetricPublicKey $v4pk */ - protected $v4pk; - /** @var AsymmetricSecretKey $v1sk */ - protected $v1sk; - /** @var AsymmetricSecretKey $v2sk */ - protected $v2sk; - /** @var AsymmetricSecretKey $v3sk */ - protected $v3sk; - /** @var AsymmetricSecretKey $v4sk */ - protected $v4sk; + protected AsymmetricPublicKey $v3pk; + protected AsymmetricPublicKey $v4pk; + protected AsymmetricSecretKey $v3sk; + protected AsymmetricSecretKey $v4sk; /** * @throws \Exception */ public function setUp(): void { - $this->v1sk = AsymmetricSecretKey::generate(new Version1()); - $this->v1pk = $this->v1sk->getPublicKey(); - $this->v2sk = AsymmetricSecretKey::generate(new Version2()); - $this->v2pk = $this->v2sk->getPublicKey(); $this->v3sk = AsymmetricSecretKey::generate(new Version3()); $this->v3pk = $this->v3sk->getPublicKey(); $this->v4sk = AsymmetricSecretKey::generate(new Version4()); @@ -58,24 +40,15 @@ public function setUp(): void public function testEncodeDecode() { /** @var AsymmetricPublicKey $key */ - foreach ([$this->v1sk, $this->v2sk, $this->v3sk, $this->v4sk] as $key) { + foreach ([$this->v3sk, $this->v4sk] as $key) { $secret = new SecretType($key->getProtocol()); $encoded = $secret->encode($key); $decoded = $secret->decode($encoded); - if ($key->getProtocol() instanceof Version1) { - // Compare raw -> compare PEM-encoded - $this->assertSame( - $key->raw(), - $decoded->raw(), - 'Key encoding failed: ' . $encoded - ); - } else { - $this->assertSame( - $key->encode(), - $decoded->encode(), - 'Key encoding failed: ' . $encoded - ); - } + $this->assertSame( + $key->encode(), + $decoded->encode(), + 'Key encoding failed: ' . $encoded + ); } } } diff --git a/tests/Types/SecretWrapTest.php b/tests/Types/SecretWrapTest.php index 7043668..29e952c 100644 --- a/tests/Types/SecretWrapTest.php +++ b/tests/Types/SecretWrapTest.php @@ -8,8 +8,6 @@ use ParagonIE\Paseto\Keys\AsymmetricSecretKey; use ParagonIE\Paseto\Keys\SymmetricKey; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -23,32 +21,16 @@ */ class SecretWrapTest extends TestCase { - /** @var AsymmetricSecretKey $v1sk */ - protected $v1sk; - /** @var AsymmetricSecretKey $v2sk */ - protected $v2sk; - /** @var AsymmetricSecretKey $v3sk */ - protected $v3sk; - /** @var AsymmetricSecretKey $v4sk */ - protected $v4sk; - /** @var AsymmetricPublicKey $v1pk */ - protected $v1pk; - /** @var AsymmetricPublicKey $v2pk */ - protected $v2pk; - /** @var AsymmetricPublicKey $v3pk */ - protected $v3pk; - /** @var AsymmetricPublicKey $v4pk */ - protected $v4pk; + protected AsymmetricPublicKey $v3pk; + protected AsymmetricPublicKey $v4pk; + protected AsymmetricSecretKey $v3sk; + protected AsymmetricSecretKey $v4sk; /** * @throws \Exception */ public function setUp(): void { - $this->v1sk = AsymmetricSecretKey::generate(new Version1()); - $this->v1pk = $this->v1sk->getPublicKey(); - $this->v2sk = AsymmetricSecretKey::generate(new Version2()); - $this->v2pk = $this->v2sk->getPublicKey(); $this->v3sk = AsymmetricSecretKey::generate(new Version3()); $this->v3pk = $this->v3sk->getPublicKey(); $this->v4sk = AsymmetricSecretKey::generate(new Version4()); @@ -59,7 +41,7 @@ public function setUp(): void public function testWrap() { /** @var SymmetricKey $key */ - foreach ([$this->v1sk, $this->v2sk, $this->v3sk, $this->v4sk] as $key) { + foreach ([$this->v3sk, $this->v4sk] as $key) { // Generate wrapping key $version = $key->getProtocol(); $wk = SymmetricKey::generate($version); diff --git a/tests/UtilTest.php b/tests/UtilTest.php index 99135a3..4deab46 100644 --- a/tests/UtilTest.php +++ b/tests/UtilTest.php @@ -4,8 +4,6 @@ use ParagonIE\Paserk\Util; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -21,8 +19,6 @@ class UtilTest extends TestCase { public function testGetPaserkHeader() { - $this->assertSame('k1', Util::getPaserkHeader(new Version1())); - $this->assertSame('k2', Util::getPaserkHeader(new Version2())); $this->assertSame('k3', Util::getPaserkHeader(new Version3())); $this->assertSame('k4', Util::getPaserkHeader(new Version4())); } diff --git a/tests/test-vectors/k1.lid.json b/tests/test-vectors/k1.lid.json deleted file mode 100644 index 5eaf61a..0000000 --- a/tests/test-vectors/k1.lid.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "name": "PASERK k1.lid Test Vectors", - "tests": [ - { - "name": "k1.lid-1", - "expect-fail": false, - "key": "0000000000000000000000000000000000000000000000000000000000000000", - "paserk": "k1.lid.hX7AFMLetrMi9GRENnuqkxV8UPxOkFXrcNpyls9U9Pmd" - }, - { - "name": "k1.lid-2", - "expect-fail": false, - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "paserk": "k1.lid.Itkhw2RHx7sR6k4kqe31ekYRG1c8JfowN7h8jwdjb8sm" - }, - { - "name": "k1.lid-3", - "expect-fail": false, - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e90", - "paserk": "k1.lid.qAQFESETVi8r1m6CjDmj1kf3qKDpY3GELGR5a000Ku4M" - }, - { - "name": "k1.lid-fail-1", - "expect-fail": true, - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e", - "paserk": null, - "comment": "If the key is too short, this must fail to serialize." - } - ] -} \ No newline at end of file diff --git a/tests/test-vectors/k1.local-pw.json b/tests/test-vectors/k1.local-pw.json deleted file mode 100644 index 3aa859e..0000000 --- a/tests/test-vectors/k1.local-pw.json +++ /dev/null @@ -1,48 +0,0 @@ -{ - "name": "PASERK k1.local-pw Test Vectors", - "tests": [ - { - "name": "k1.local-pw-1", - "expect-fail": false, - "unwrapped": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "password": "correct horse battery staple", - "options": {"iterations": 1000}, - "paserk": "k1.local-pw.fZRS93f3xuja1dN2KwoLhEj2sqYKcS3RBcs82xI-S8gAAAPo2Bz-gZCiErlfOabb1JUPMUTOyq5Fuc3EBewQ8HxviFVq_XAilOJ5sTbq3-siHO2MGN1S567GJ9BD8G2SM45Y6yYtS3lfOxLu8J03vhtfTGZ0QkaQCvs_Z3W1bX9j7fv7" - }, - { - "name": "k1.local-pw-2", - "expect-fail": false, - "unwrapped": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "password": "correct horse battery staple", - "options": {"iterations": 10000}, - "paserk": "k1.local-pw.DMd9Lg4gWt-Ra5O0WIMVwB1jij60uqfnhmoSKbn-YVAAAAPo-jOaUhm2KOQSVqLjHcZ8e09E6t2VtozMUxuU2k9M6EJCQS1XDP0FAXHIZSjNCcAdORQJfMiukPQ4umBn_ZzVwsSxP_yMclvRVKf43lIPMTgCxSkW0Utb8j2e97oa_Uqg" - }, - { - "name": "k1.local-pw-fail-1", - "expect-fail": true, - "comment": "Incorrect password", - "unwrapped": null, - "password": "correct horse battery staplf", - "options": {"iterations": 10000}, - "paserk": "k1.local-pw.DMd9Lg4gWt-Ra5O0WIMVwB1jij60uqfnhmoSKbn-YVAAAAPo-jOaUhm2KOQSVqLjHcZ8e09E6t2VtozMUxuU2k9M6EJCQS1XDP0FAXHIZSjNCcAdORQJfMiukPQ4umBn_ZzVwsSxP_yMclvRVKf43lIPMTgCxSkW0Utb8j2e97oa_Uqg" - }, - { - "name": "k1.local-pw-fail-2", - "expect-fail": true, - "comment": "Incorrect authentication tag on ciphertext", - "unwrapped": null, - "password": "correct horse battery staple", - "options": {"iterations": 10000}, - "paserk": "k1.local-pw.DMd9Lg4gWt-Ra5O0WIMVwB1jij60uqfnhmoSKbn-YVAAAAPo-jOaUhm2KOQSVqLjHcZ8e09E6t2VtozMUxuU2k9M6EJCQS1XDP0FAXHIZSjNCcAdORQJfMiukPQ4umBn_ZzVwsSxP_yMclvRVKf43lIPMTgCxSkW0Utb8j2e97oa_Vrh" - }, - { - "name": "k2.local-pw-fail-3", - "expect-fail": true, - "comment": "Implementations MUST NOT accept a PASERK of the wrong version.", - "unwrapped": null, - "password": "correct horse battery staple", - "options": {"memlimit": 67108864, "opslimit": 2}, - "paserk": "k2.local-pw.aRFbR_qjEgyRbTWO-8q7PgAAAAAEAAAAAAAAAgAAAAFrOjyWJdnG25HrYDBxxJEpLlxvr9SsUsnFqMqQ_7EqjS51T9ugESvlfoiCtNYpslbb2-vso-p9a0c8tBfKIFVI6B2vq9WdV8wLC6lhpdIMZmUL60rj0DU_" - } - ] -} \ No newline at end of file diff --git a/tests/test-vectors/k1.local-wrap.pie.json b/tests/test-vectors/k1.local-wrap.pie.json deleted file mode 100644 index 4bd944c..0000000 --- a/tests/test-vectors/k1.local-wrap.pie.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "name": "PASERK k1.local-wrap.pie Test Vectors", - "tests": [ - { - "name": "k1.local-wrap.pie-1", - "expect-fail": false, - "unwrapped": "0000000000000000000000000000000000000000000000000000000000000000", - "wrapping-key":"707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "paserk": "k1.local-wrap.pie.px2xARZYyBu7Wfv3HCWP7nUOBPXrVicGWPd_SAKETuq2_HZOmofjUZYTQA338KXtGidUIDCxv218a3p-J16TaR8gAZ8P6LhWN_U6Spd0d5JZcecPMXlWwvoCDhOT88gUJdVXrnzTl6HBK7l4OE4yMg" - }, - { - "name": "k1.local-wrap.pie-2", - "expect-fail": false, - "unwrapped": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - "wrapping-key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "paserk": "k1.local-wrap.pie.aMF7_m3KXH8Rgoo4ow1FYEThHAhaNR1deM9SbRRnHR9-ao5qckA-b0sltysyHG8jPor1oVTCiTxS0Bx8Rt6Dnxy9rMGEYwrqfQfrXJLNnvh6O19Id0TwJ-vMnagj3xJeGEZMSO8K9JaZrgh6sBAWng" - }, - { - "name": "k1.local-wrap.pie-fail-1", - "expect-fail": true, - "comment": "Invalid authentication tag on ciphertext", - "unwrapped": null, - "wrapping-key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "paserk": "k1.local-wrap.pie.aMF7_m3KXH8Rgoo4ow1FYEThHAhaNR1deM9SbRRnHR9-ao5qckA-b0sltysyHG8jPor1oVTCiTxS0Bx8Rt6Dnxy9rMGEYwrqfQfrXJLNnvh6O19Id0TwJ-vMnagj3xJeGEZMSO8K8JaYrgh6sBBWnh" - }, - { - "name": "k1.local-wrap.pie-fail-2", - "expect-fail": true, - "comment": "Implementations MUST NOT accept a PASERK of the wrong version.", - "unwrapped": null, - "wrapping-key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "paserk": "k2.local-wrap.pie.UNK6-S4s4uZ2oc7Ntujea9FdRDWgmWmkFJrZPQtVb_Z4GF2iWN7UVPXyKGYfF1WkqVk7a4iWuxAx8KwpoNZEPHK1Ym6PtROKDeMpBPo-G0I9cDyh_r764LGy3NqRb6_0" - } - ] -} \ No newline at end of file diff --git a/tests/test-vectors/k1.local.json b/tests/test-vectors/k1.local.json deleted file mode 100644 index ad33be8..0000000 --- a/tests/test-vectors/k1.local.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "name": "PASERK k1.local Test Vectors", - "tests": [ - { - "name": "k1.local-1", - "expect-fail": false, - "key": "0000000000000000000000000000000000000000000000000000000000000000", - "paserk": "k1.local.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" - }, - { - "name": "k1.local-2", - "expect-fail": false, - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "paserk": "k1.local.cHFyc3R1dnd4eXp7fH1-f4CBgoOEhYaHiImKi4yNjo8" - }, - { - "name": "k1.local-3", - "expect-fail": false, - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e90", - "paserk": "k1.local.cHFyc3R1dnd4eXp7fH1-f4CBgoOEhYaHiImKi4yNjpA" - }, - { - "name": "k1.local-fail-1", - "expect-fail": true, - "key": null, - "paserk": "k1.local.HFyc3R1dnd4eXp7fH1-f4CBgoOEhYaHiImKi4yNjo8", - "comment": "If the PASERK is too short, this must fail to deserialize." - }, - { - "name": "k1.local-fail-2", - "expect-fail": true, - "key": null, - "paserk": "k2.local.cHFyc3R1dnd4eXp7fH1-f4CBgoOEhYaHiImKi4yNjo8", - "comment": "Implementations MUST NOT accept a PASERK of the wrong version." - } - ] -} \ No newline at end of file diff --git a/tests/test-vectors/k1.pid.json b/tests/test-vectors/k1.pid.json deleted file mode 100644 index a58a685..0000000 --- a/tests/test-vectors/k1.pid.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "name": "PASERK k1.pid Test Vectors", - "tests": [ - { - "name": "k1.pid-1", - "expect-fail": false, - "key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaTgTt53ph3p5GHgwoGW\nwz5hRfWXSQA08NCOwe0FEgALWos9GCjNFCd723nCHxBtN1qd74MSh/uN88JPIbwx\nKheDp4kxo4YMN5trPaF0e9G6Bj1N02HnanxFLW+gmLbgYO/SZYfWF/M8yLBcu5Y1\nOt0ZxDDDXS9wIQTtBE0ne3YbxgZJAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAA\npVRuUI2Sd6L1E2vl9bSBumZ5IpNxkRnAwIMjeTJB/0AIELh0mE5vwdihOCbdV6al\nUyhKC1+1w/FW6HWcp/JG1kKC8DPIidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8\nowIDAQAB\n-----END PUBLIC KEY-----", - "paserk": "k1.pid.oxQIZk0yciX7cLRZ3C0Psdoj-RUqmVHrlnIYGNma6xy8" - }, { - "name": "k1.pid-fail-1", - "expect-fail": true, - "key": "-----BEGIN PUBLIC KEY-----\nMIIB\n-----END PUBLIC KEY-----", - "paserk": null, - "comment": "Small RSA keys must fail to serialize." - }, { - "name": "k1.pid-fail-2", - "expect-fail": true, - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e90", - "paserk": null, - "comment": "Implementations MUST NOT accept a PASERK of the wrong version." - } - ] -} \ No newline at end of file diff --git a/tests/test-vectors/k1.public.json b/tests/test-vectors/k1.public.json deleted file mode 100644 index 3057b27..0000000 --- a/tests/test-vectors/k1.public.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "name": "PASERK k1.public Test Vectors", - "tests": [ - { - "name": "k1.public-1", - "expect-fail": false, - "key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaTgTt53ph3p5GHgwoGW\nwz5hRfWXSQA08NCOwe0FEgALWos9GCjNFCd723nCHxBtN1qd74MSh/uN88JPIbwx\nKheDp4kxo4YMN5trPaF0e9G6Bj1N02HnanxFLW+gmLbgYO/SZYfWF/M8yLBcu5Y1\nOt0ZxDDDXS9wIQTtBE0ne3YbxgZJAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAA\npVRuUI2Sd6L1E2vl9bSBumZ5IpNxkRnAwIMjeTJB/0AIELh0mE5vwdihOCbdV6al\nUyhKC1+1w/FW6HWcp/JG1kKC8DPIidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8\nowIDAQAB\n-----END PUBLIC KEY-----", - "paserk": "k1.public.MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaTgTt53ph3p5GHgwoGWwz5hRfWXSQA08NCOwe0FEgALWos9GCjNFCd723nCHxBtN1qd74MSh_uN88JPIbwxKheDp4kxo4YMN5trPaF0e9G6Bj1N02HnanxFLW-gmLbgYO_SZYfWF_M8yLBcu5Y1Ot0ZxDDDXS9wIQTtBE0ne3YbxgZJAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAApVRuUI2Sd6L1E2vl9bSBumZ5IpNxkRnAwIMjeTJB_0AIELh0mE5vwdihOCbdV6alUyhKC1-1w_FW6HWcp_JG1kKC8DPIidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8owIDAQAB" - }, - { - "name": "k1.public-fail-1", - "expect-fail": true, - "key": "-----BEGIN PUBLIC KEY-----\njANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaTgTt53ph3p5GHgwoGW\nwz5hRfWXSQA08NCOwe0FEgALWos9GCjNFCd723nCHxBtN1qd74MSh/uN88JPIbwx\nKheDp4kxo4YMN5trPaF0e9G6Bj1N02HnanxFLW+gmLbgYO/SZYfWF/M8yLBcu5Y1\nOt0ZxDDDXS9wIQTtBE0ne3YbxgZJAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAA\npVRuUI2Sd6L1E2vl9bSBumZ5IpNxkRnAwIMjeTJB/0AIELh0mE5vwdihOCbdV6al\nUyhKC1+1w/FW6HWcp/JG1kKC8DPIidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8\nowIDAQAB\n-----END PUBLIC KEY-----", - "paserk": null, - "comment": "Implementations MUST NOT accept a PASERK with malformed public key." - }, - { - "name": "k1.public-fail-2", - "expect-fail": true, - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "paserk": null, - "comment": "Implementations MUST NOT accept a PASERK with malformed public key." - } - ] -} \ No newline at end of file diff --git a/tests/test-vectors/k1.seal.json b/tests/test-vectors/k1.seal.json deleted file mode 100644 index 75d6070..0000000 --- a/tests/test-vectors/k1.seal.json +++ /dev/null @@ -1,48 +0,0 @@ -{ - "name": "PASERK k1.seal Test Vectors", - "tests": [ - { - "name": "k1.seal-1", - "expect-fail": false, - "sealing-secret-key": "-----BEGIN RSA PRIVATE KEY-----\nMIIJKAIBAAKCAgEAzmVvxmE2BDmhYZ43Wc379SdoFE7TJ6R9oPmkNieDQ3PWt7tH\nT4nzxSF+/nhS3ii64VAXxz1jPnCiA+L5TiFJ1xOk4vcbi6Dw3cwq/FzIqoJC0JO5\ninA91MZvDaCApe4t1e9piBYRVfHaQvnTsDCvm/5eHFsCQid1386od70ms6fDWF/W\nTirCsUs3AmenQ4jbQfHrc+ZcvEkaeMDC3sQZPvIggLLXsAO4bqbHN37GCNjpKhIC\npyqC3rNtjxjRjUrMEpxhw3stXSg++YchtSJ4y62cOeiJV/YSbpyuBv3FtO4HRq//\nZg1bhIZZvqVZ5FibvgN2QuK5B/1+XUXR+OzhN8EgGVzz33P5ioUlz+ACPDFmICvb\nmrGP1z9iAjT8hOwpEV4Pjz9zZRMKQgaWkk5v5MGDn2hVB+hM/8zIjxtc6f4MmJdG\n6auC61ZZeYPe1w1Axr1SfIVFUuo27Slk5EAFyjwRIyyWUXxTX0ZBPUK0rwNRjfML\nm/LXQCR6+WarKbvn/yDgmkpBRYS/6u9sL9EOBJgGXLk3VA6pO64kw7+WXNzK+O4b\n27pijw0yPo0ipfM0XFAEk+6Klz3eocEnu9Zfl0xXjJIbOmS7ELua1EloZ47TBaka\nFP52tac4o/JWrc7RciqVzu5DLjYoQfbrQQeAaLZNx7bFgQ/l1X6FhouHHksCAwEA\nAQKCAgA78aYG/dDMZViDm4oD4RleWDWYQFR/XPzHtfmFaPBstMYV0qShazWLeXEC\nwzt+HmI4ciSVzzR1vAyyCEfT80MY3jGzYYV0hieuo0+Qv/nf27lADseCd5rdo0w5\nrvXuO0DAs6n4xj/+sCFt9lUPBPTb34LBxYTgZcmMWN8A98S3xO+tSRha13x4NZoi\nbqxbpvHXM0XpAWzJmom/rGxsepPCflwGROrzygDU0kdlzMIDa8w8VcLDfktIFuCp\nANJLsP+YICccuTexqLCxlBesHfjrXt7SysCo9WThD0xT53x2UfN3CkKpBxQfZ03F\nWwzCjyGcjDDauDJ5KZx7xn13SIUYQAyh0TIgYq5lRTYycJ6LzQ8zqz/irotqXlv2\n84QnyzPtvUyQynB7FoR30TDHSDzOjVkvWVySqPiuxIgESCjAaQYqEc6sfwXcp4XZ\neOU59SSsBSt0HpnrgZhGA2vK+lPfn91n95MaII4vmE1PpUef8PPtwbF4cM/YCTfW\nBAnCs21VV+AJa79Ae6/TmIUr5+/saL5CWcMXljTtCSXarJJM9AUOaU+bNxYo0TVF\nbLyT4tvutSNpb5h2RDfmVADf46WP1ioH/HazdPNe93+8SoIjNIKbEBq5yMY+Vr7q\neHB+3aY5TohF8Pf9xSBpbVA2FzA3EVwaC94hhun1q38JFbRlcQKCAQEA/7/vHkUm\nm1wIAJMr9mK9AdtNm0VAwpk9D2bIV8QH/gfTFZ81LVJWEXDBVvC5uoFjS7RcHGF8\nbWAglpCKtZiIfwKMc5sPJAwksCWg6mDbBWE0V1Z/UfRLpwtc9NzO/s1eUp6UH5XK\nMnZmuD6QaCvbMNoHNUt9gWtnPZ/gnUloXmFnYBu0mHj7MdQoA4ZQfCiy+sQ04s7F\nzAMWfbe5PxwT9/woszJ+uN69ai4PKcnc0WTcgyvZqU656ZLFmin8RbU2V6hg6NMQ\nIjJor6psXb74iEPa5Vb1VAMNmKgz9sOePbymsBJ4Y63cfgmpmPWLOgX5pDKO3Dw4\n7tYzeXD32eEJ/wKCAQEAzpkjrwqWrFsD/TkY8K8sZSp1rPjUj69VfWSSnJgENw6y\ncbmfx7Vw7tR2F6i+qQT7m4agJT6RBw1epN8od499Ql+uC9QeIYm3pdG0TXBIBCA4\n03imULCgdcVFUmRvqVX8A723rq3RPTdgkUesJXVqqk7fPql3zGrk9xrN9GWQqWh0\njXQnvCgMaojIKYOF51ZmBZdwORv0mC6B9rAvFD+7Q9e89yARu4gR/P47W641kgld\nhCLocWB57W5x7bThNYLsrJG2wCMSdXFjw8JNsMYO7s9M8a6Z4DIyFyezzenY2gtQ\nPjXqaqegrioS3q1woDrJblP8yb+uHfKZy8aD0RLztQKCAQBi6NYPvOq7dxJZNpHw\nDivPBgOzo0ryd9VXmYat+tCkfF40pIgqaQeEYzlC6ILMELJYWv6ssz8uBdlUob4j\nkURo6pFrPHLUnCWsQkFDpAXQxNE7XeaLyZFgn1JqGOOtQ7vQ9CeRN5slfQkpBHlQ\n8HUrJYdYI0P8w48AFE8IRZWpur4CO3TS6ycrFEQNaOrDufHObgeOGC4DQsZ2BJIO\nSEuowsry0vqTgQF8iSewH7PY/8sQp+rcQehA31Sw1MAOLZFAwYwJP2ej8h7uoVib\nwPnZqXSE8eabgTrG6XZ/XxRaCBXnTp1k357A1/fRglVAMYNk73C02E2kgQ8TTo9s\nok39AoIBAQCo57KwzOtahh7AzAmD3PNi0k/a1qSRxDsUhUEIHZB0ouNo7uWelMx7\ntd/GgANAk/5QrMQJLxnKtjeGe5vOA9XYifj1Wro3mSw3uTa7iOyX0vAilCUFGyJU\npq+CKPLRcqbTOCwP97N1ZOziWcJ37YMDMfB6fnqe+VWwYI25HcAjgG6ppylFP0jH\nYISkzA6Rj6VhNOpfBmf2cy91y5zx5Rjo4lxvfhyBQUHToNZOoiLR/i4idZer+cA1\nSXKDcLoe0adFfuv2MbZJpiZ2SUjTGVnkDD9P5/uNu/wPyjnKQ0EzIsS718CK6fkH\n6wX6X7oQhX9hX/Dv0HI9sbXjT609JU1xAoIBAE5aeA8a53gP9TyfrR6YmZUpgKAP\ntsjkWG6TPzjVnj+ttPLTDEfJ+LvDIY/UCsAcwie/bzVcYaqMm/ohIrqblKksyVjk\nOnUABuZSo8aDNcvGsF7KfBkkZ5svvJ5qFvVHSmvqJSE7uug7wvtxgje8oTYN8YoT\nZUn4LSus3Gf58E7t4JPJpSVVYM0x/iGDjzDwciNnk7qZJ8/it3x+1kfOshXIcWYR\nfw3Ui5L1gMVIJ1SmBBdXmHRLLNbT3ZDTDLIywNEyXYTiMXWW1GawKPqhXqVhhwiL\n3ynxwLz6UDf7YXIZUD2TTyhHPZugcTN7q/UqBj6yknbtgfu1CBeB8PVoLcE=\n-----END RSA PRIVATE KEY-----", - "sealing-public-key": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzmVvxmE2BDmhYZ43Wc37\n9SdoFE7TJ6R9oPmkNieDQ3PWt7tHT4nzxSF+/nhS3ii64VAXxz1jPnCiA+L5TiFJ\n1xOk4vcbi6Dw3cwq/FzIqoJC0JO5inA91MZvDaCApe4t1e9piBYRVfHaQvnTsDCv\nm/5eHFsCQid1386od70ms6fDWF/WTirCsUs3AmenQ4jbQfHrc+ZcvEkaeMDC3sQZ\nPvIggLLXsAO4bqbHN37GCNjpKhICpyqC3rNtjxjRjUrMEpxhw3stXSg++YchtSJ4\ny62cOeiJV/YSbpyuBv3FtO4HRq//Zg1bhIZZvqVZ5FibvgN2QuK5B/1+XUXR+Ozh\nN8EgGVzz33P5ioUlz+ACPDFmICvbmrGP1z9iAjT8hOwpEV4Pjz9zZRMKQgaWkk5v\n5MGDn2hVB+hM/8zIjxtc6f4MmJdG6auC61ZZeYPe1w1Axr1SfIVFUuo27Slk5EAF\nyjwRIyyWUXxTX0ZBPUK0rwNRjfMLm/LXQCR6+WarKbvn/yDgmkpBRYS/6u9sL9EO\nBJgGXLk3VA6pO64kw7+WXNzK+O4b27pijw0yPo0ipfM0XFAEk+6Klz3eocEnu9Zf\nl0xXjJIbOmS7ELua1EloZ47TBakaFP52tac4o/JWrc7RciqVzu5DLjYoQfbrQQeA\naLZNx7bFgQ/l1X6FhouHHksCAwEAAQ==\n-----END PUBLIC KEY-----", - "unsealed": "0000000000000000000000000000000000000000000000000000000000000000", - "paserk": "k1.seal.Rh_7sGJlX63bix8ZR_WF4CuIx3y_qrLopKo_5JmKwAmGeWST1J2HIjwO5-JX1U5LV68mZzWSu3o5mb4P9finTLdNlC0_Legurx15NCq_LvO2UqPRqFt7DGPO722HElQKtJciR0VCuf_WUOyalbgjVfNruYoMvtONqqI1g7MQr1Fa1tFwe5MXhOaX4V7eJ0DodauHj_i6KjX7-T3xllIzfGXQEUEEoSgyrCo4IGCs3E5gRBK-rlrojhDtt8LebZxOwOmOvTIfcTC0m8aGvDm6HPYzBWefiTSnZInoVfI6yt4JOozxqFVzMx2QP3Kok2iCy6VW8386WTeeZ15Jr95Yt0bc3bayYonCDkvEkwpyV6Y-wPRvZpwlt84NsNrPb-WmsPbtDs7MIuun0b089zwfmYcxy0LRDlJhMreTlDkueuJftyV8sbE9FNfWFF34azIwM9xudcsH266OpUGaQH_phl7or66hbEpeSp4A91U5K4nvMXr-ohdLublIF8WZMH_trQCHo0DomXkVHlFSaLnSHyxIJ8KhQCVleJ2ZjKMXeJ0KSgPA7crE4HwB7G5yhsEprRg_pR0481zoF5YOKbelQiRPwEdcI1E4OomcWfdf1OWw469-SBJJQM_zK3sqBiRHW56ZwIGdJaZDdp0GyHOkGSNL_L-LBIJ7P05TxdwjwmpZD8Lcn3O1XNqygIPTbtSLGkylzpX468sMBp6XiyYZy5lcqDnjceNrWkN8zLMmpoDiEUBLje1wA14KWEs9g0HFXwze88O_J0dp-RDEDWmQJQ" - }, - { - "name": "k1.seal-2", - "expect-fail": false, - "sealing-secret-key": "-----BEGIN RSA PRIVATE KEY-----\nMIIJKAIBAAKCAgEAzmVvxmE2BDmhYZ43Wc379SdoFE7TJ6R9oPmkNieDQ3PWt7tH\nT4nzxSF+/nhS3ii64VAXxz1jPnCiA+L5TiFJ1xOk4vcbi6Dw3cwq/FzIqoJC0JO5\ninA91MZvDaCApe4t1e9piBYRVfHaQvnTsDCvm/5eHFsCQid1386od70ms6fDWF/W\nTirCsUs3AmenQ4jbQfHrc+ZcvEkaeMDC3sQZPvIggLLXsAO4bqbHN37GCNjpKhIC\npyqC3rNtjxjRjUrMEpxhw3stXSg++YchtSJ4y62cOeiJV/YSbpyuBv3FtO4HRq//\nZg1bhIZZvqVZ5FibvgN2QuK5B/1+XUXR+OzhN8EgGVzz33P5ioUlz+ACPDFmICvb\nmrGP1z9iAjT8hOwpEV4Pjz9zZRMKQgaWkk5v5MGDn2hVB+hM/8zIjxtc6f4MmJdG\n6auC61ZZeYPe1w1Axr1SfIVFUuo27Slk5EAFyjwRIyyWUXxTX0ZBPUK0rwNRjfML\nm/LXQCR6+WarKbvn/yDgmkpBRYS/6u9sL9EOBJgGXLk3VA6pO64kw7+WXNzK+O4b\n27pijw0yPo0ipfM0XFAEk+6Klz3eocEnu9Zfl0xXjJIbOmS7ELua1EloZ47TBaka\nFP52tac4o/JWrc7RciqVzu5DLjYoQfbrQQeAaLZNx7bFgQ/l1X6FhouHHksCAwEA\nAQKCAgA78aYG/dDMZViDm4oD4RleWDWYQFR/XPzHtfmFaPBstMYV0qShazWLeXEC\nwzt+HmI4ciSVzzR1vAyyCEfT80MY3jGzYYV0hieuo0+Qv/nf27lADseCd5rdo0w5\nrvXuO0DAs6n4xj/+sCFt9lUPBPTb34LBxYTgZcmMWN8A98S3xO+tSRha13x4NZoi\nbqxbpvHXM0XpAWzJmom/rGxsepPCflwGROrzygDU0kdlzMIDa8w8VcLDfktIFuCp\nANJLsP+YICccuTexqLCxlBesHfjrXt7SysCo9WThD0xT53x2UfN3CkKpBxQfZ03F\nWwzCjyGcjDDauDJ5KZx7xn13SIUYQAyh0TIgYq5lRTYycJ6LzQ8zqz/irotqXlv2\n84QnyzPtvUyQynB7FoR30TDHSDzOjVkvWVySqPiuxIgESCjAaQYqEc6sfwXcp4XZ\neOU59SSsBSt0HpnrgZhGA2vK+lPfn91n95MaII4vmE1PpUef8PPtwbF4cM/YCTfW\nBAnCs21VV+AJa79Ae6/TmIUr5+/saL5CWcMXljTtCSXarJJM9AUOaU+bNxYo0TVF\nbLyT4tvutSNpb5h2RDfmVADf46WP1ioH/HazdPNe93+8SoIjNIKbEBq5yMY+Vr7q\neHB+3aY5TohF8Pf9xSBpbVA2FzA3EVwaC94hhun1q38JFbRlcQKCAQEA/7/vHkUm\nm1wIAJMr9mK9AdtNm0VAwpk9D2bIV8QH/gfTFZ81LVJWEXDBVvC5uoFjS7RcHGF8\nbWAglpCKtZiIfwKMc5sPJAwksCWg6mDbBWE0V1Z/UfRLpwtc9NzO/s1eUp6UH5XK\nMnZmuD6QaCvbMNoHNUt9gWtnPZ/gnUloXmFnYBu0mHj7MdQoA4ZQfCiy+sQ04s7F\nzAMWfbe5PxwT9/woszJ+uN69ai4PKcnc0WTcgyvZqU656ZLFmin8RbU2V6hg6NMQ\nIjJor6psXb74iEPa5Vb1VAMNmKgz9sOePbymsBJ4Y63cfgmpmPWLOgX5pDKO3Dw4\n7tYzeXD32eEJ/wKCAQEAzpkjrwqWrFsD/TkY8K8sZSp1rPjUj69VfWSSnJgENw6y\ncbmfx7Vw7tR2F6i+qQT7m4agJT6RBw1epN8od499Ql+uC9QeIYm3pdG0TXBIBCA4\n03imULCgdcVFUmRvqVX8A723rq3RPTdgkUesJXVqqk7fPql3zGrk9xrN9GWQqWh0\njXQnvCgMaojIKYOF51ZmBZdwORv0mC6B9rAvFD+7Q9e89yARu4gR/P47W641kgld\nhCLocWB57W5x7bThNYLsrJG2wCMSdXFjw8JNsMYO7s9M8a6Z4DIyFyezzenY2gtQ\nPjXqaqegrioS3q1woDrJblP8yb+uHfKZy8aD0RLztQKCAQBi6NYPvOq7dxJZNpHw\nDivPBgOzo0ryd9VXmYat+tCkfF40pIgqaQeEYzlC6ILMELJYWv6ssz8uBdlUob4j\nkURo6pFrPHLUnCWsQkFDpAXQxNE7XeaLyZFgn1JqGOOtQ7vQ9CeRN5slfQkpBHlQ\n8HUrJYdYI0P8w48AFE8IRZWpur4CO3TS6ycrFEQNaOrDufHObgeOGC4DQsZ2BJIO\nSEuowsry0vqTgQF8iSewH7PY/8sQp+rcQehA31Sw1MAOLZFAwYwJP2ej8h7uoVib\nwPnZqXSE8eabgTrG6XZ/XxRaCBXnTp1k357A1/fRglVAMYNk73C02E2kgQ8TTo9s\nok39AoIBAQCo57KwzOtahh7AzAmD3PNi0k/a1qSRxDsUhUEIHZB0ouNo7uWelMx7\ntd/GgANAk/5QrMQJLxnKtjeGe5vOA9XYifj1Wro3mSw3uTa7iOyX0vAilCUFGyJU\npq+CKPLRcqbTOCwP97N1ZOziWcJ37YMDMfB6fnqe+VWwYI25HcAjgG6ppylFP0jH\nYISkzA6Rj6VhNOpfBmf2cy91y5zx5Rjo4lxvfhyBQUHToNZOoiLR/i4idZer+cA1\nSXKDcLoe0adFfuv2MbZJpiZ2SUjTGVnkDD9P5/uNu/wPyjnKQ0EzIsS718CK6fkH\n6wX6X7oQhX9hX/Dv0HI9sbXjT609JU1xAoIBAE5aeA8a53gP9TyfrR6YmZUpgKAP\ntsjkWG6TPzjVnj+ttPLTDEfJ+LvDIY/UCsAcwie/bzVcYaqMm/ohIrqblKksyVjk\nOnUABuZSo8aDNcvGsF7KfBkkZ5svvJ5qFvVHSmvqJSE7uug7wvtxgje8oTYN8YoT\nZUn4LSus3Gf58E7t4JPJpSVVYM0x/iGDjzDwciNnk7qZJ8/it3x+1kfOshXIcWYR\nfw3Ui5L1gMVIJ1SmBBdXmHRLLNbT3ZDTDLIywNEyXYTiMXWW1GawKPqhXqVhhwiL\n3ynxwLz6UDf7YXIZUD2TTyhHPZugcTN7q/UqBj6yknbtgfu1CBeB8PVoLcE=\n-----END RSA PRIVATE KEY-----", - "sealing-public-key": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzmVvxmE2BDmhYZ43Wc37\n9SdoFE7TJ6R9oPmkNieDQ3PWt7tHT4nzxSF+/nhS3ii64VAXxz1jPnCiA+L5TiFJ\n1xOk4vcbi6Dw3cwq/FzIqoJC0JO5inA91MZvDaCApe4t1e9piBYRVfHaQvnTsDCv\nm/5eHFsCQid1386od70ms6fDWF/WTirCsUs3AmenQ4jbQfHrc+ZcvEkaeMDC3sQZ\nPvIggLLXsAO4bqbHN37GCNjpKhICpyqC3rNtjxjRjUrMEpxhw3stXSg++YchtSJ4\ny62cOeiJV/YSbpyuBv3FtO4HRq//Zg1bhIZZvqVZ5FibvgN2QuK5B/1+XUXR+Ozh\nN8EgGVzz33P5ioUlz+ACPDFmICvbmrGP1z9iAjT8hOwpEV4Pjz9zZRMKQgaWkk5v\n5MGDn2hVB+hM/8zIjxtc6f4MmJdG6auC61ZZeYPe1w1Axr1SfIVFUuo27Slk5EAF\nyjwRIyyWUXxTX0ZBPUK0rwNRjfMLm/LXQCR6+WarKbvn/yDgmkpBRYS/6u9sL9EO\nBJgGXLk3VA6pO64kw7+WXNzK+O4b27pijw0yPo0ipfM0XFAEk+6Klz3eocEnu9Zf\nl0xXjJIbOmS7ELua1EloZ47TBakaFP52tac4o/JWrc7RciqVzu5DLjYoQfbrQQeA\naLZNx7bFgQ/l1X6FhouHHksCAwEAAQ==\n-----END PUBLIC KEY-----", - "unsealed": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - "paserk": "k1.seal.QmXSEH_ei6jX3xvcZ5_l4k53mBTgJSRHWS07MB56tX0hBUqKE-ur-SdjRn68DF_j9BbUSif5kqAn4h7ozfW1IRr4tp26_gVdSN9wUcCMVFpc7kF_unOd8dJlqKuxAxy8pfVRtN5no12JKogWU9EBE1y8iv6k1CDetlU8htQsBhvpcNigBhFooNt8J2UZrNppDSlzO-bqJcz7gPFpqdp31wwCi9PIoaUG52GHTRrm600p6FftQ9V2XdnA5gL0TZQhRG3EstYR9s6p-Irrs7BcqH5QpC0ZRLcnsJHMkSvX79g7fkiJeEHbLRTjE0xUT8sUk6fxgSNJws8XDsBU-4p74OKW3GyZmtbxwhHN6hO4OJHRtV3MoLRJMDUVYCVfDVkEMYXd9kOq9_rRgeP_cCnHhbLncIpEUUfvLB_8OAesU6h88ulKDdsyIs2a7HCrvjfKwni4iz8yAabUf7JTzieoX9zRsYe52i6vmujSgiuiwKS_EbdPTKNiPu308QHfu_bubXYkRXmU6ieziqU1f4FAklxGNK9sZpK_uEYIUrhiT6uqIJmkMU410XFnVwkebd6OGXFoGvvIyaq0iPaF---fHXyCnmI9fyjV0kHy57I18pbDY-ujMUCnjZ-yYYmk2DyhYPURq50yNVptIjx7B8mU660KPWkACO1NUQhIdACDkHseNb7mER71l64A0Hmu9PZB4VHBH4NBhtdvll2vIVcLPk-BdDa1PziJy6QZweIel-IufvLl1awLu67d2D8DJw25NAPuCsdrfZMMqhe02nAmGg" - }, - { - "name": "k1.seal-fail-1", - "expect-fail": true, - "comment": "RSA keys must be 4096-bit for PASERK. PASETO RSA keys are not acceptable here.", - "sealing-secret-key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAyaTgTt53ph3p5GHgwoGWwz5hRfWXSQA08NCOwe0FEgALWos9\nGCjNFCd723nCHxBtN1qd74MSh/uN88JPIbwxKheDp4kxo4YMN5trPaF0e9G6Bj1N\n02HnanxFLW+gmLbgYO/SZYfWF/M8yLBcu5Y1Ot0ZxDDDXS9wIQTtBE0ne3YbxgZJ\nAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAApVRuUI2Sd6L1E2vl9bSBumZ5IpNx\nkRnAwIMjeTJB/0AIELh0mE5vwdihOCbdV6alUyhKC1+1w/FW6HWcp/JG1kKC8DPI\nidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8owIDAQABAoIBAF22jLDa34yKdns3\nqfd7to+C3D5hRzAcMn6Azvf9qc+VybEI6RnjTHxDZWK5EajSP4/sQ15e8ivUk0Jo\nWdJ53feL+hnQvwsab28gghSghrxM2kGwGA1XgO+SVawqJt8SjvE+Q+//01ZKK0Oy\nA0cDJjX3L9RoPUN/moMeAPFw0hqkFEhm72GSVCEY1eY+cOXmL3icxnsnlUD//SS9\nq33RxF2y5oiW1edqcRqhW/7L1yYMbxHFUcxWh8WUwjn1AAhoCOUzF8ZB+0X/PPh+\n1nYoq6xwqL0ZKDwrQ8SDhW/rNDLeO9gic5rl7EetRQRbFvsZ40AdsX2wU+lWFUkB\n42AjuoECgYEA5z/CXqDFfZ8MXCPAOeui8y5HNDtu30aR+HOXsBDnRI8huXsGND04\nFfmXR7nkghr08fFVDmE4PeKUk810YJb+IAJo8wrOZ0682n6yEMO58omqKin+iIUV\nrPXLSLo5CChrqw2J4vgzolzPw3N5I8FJdLomb9FkrV84H+IviPIylyECgYEA3znw\nAG29QX6ATEfFpGVOcogorHCntd4niaWCq5ne5sFL+EwLeVc1zD9yj1axcDelICDZ\nxCZynU7kDnrQcFkT0bjH/gC8Jk3v7XT9l1UDDqC1b7rm/X5wFIZ/rmNa1rVZhL1o\n/tKx5tvM2syJ1q95v7NdygFIEIW+qbIKbc6Wz0MCgYBsUZdQD+qx/xAhELX364I2\nepTryHMUrs+tGygQVrqdiJX5dcDgM1TUJkdQV6jLsKjPs4Vt6OgZRMrnuLMsk02R\n3M8gGQ25ok4f4nyyEZxGGWnVujn55KzUiYWhGWmhgp18UCkoYa59/Q9ss+gocV9h\nB9j9Q43vD80QUjiF4z0DQQKBgC7XQX1VibkMim93QAnXGDcAS0ij+w02qKVBjcHk\nb9mMBhz8GAxGOIu7ZJafYmxhwMyVGB0I1FQeEczYCJUKnBYN6Clsjg6bnBT/z5bJ\nx/Jx1qCzX3Uh6vLjpjc5sf4L39Tyye1u2NXQmZPwB5x9BdcsFConSq/s4K1LJtUT\n3KFxAoGBANGcQ8nObi3m4wROyKrkCWcWxFFMnpwxv0pW727Hn9wuaOs4UbesCnwm\npcMTfzGUDuzYXCtAq2pJl64HG6wsdkWmjBTJEpm6b9ibOBN3qFV2zQ0HyyKlMWxI\nuVSj9gOo61hF7UH9XB6R4HRdlpBOuIbgAWZ46dkj9/HM9ovdP0Iy\n-----END RSA PRIVATE KEY-----", - "sealing-public-key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaTgTt53ph3p5GHgwoGW\nwz5hRfWXSQA08NCOwe0FEgALWos9GCjNFCd723nCHxBtN1qd74MSh/uN88JPIbwx\nKheDp4kxo4YMN5trPaF0e9G6Bj1N02HnanxFLW+gmLbgYO/SZYfWF/M8yLBcu5Y1\nOt0ZxDDDXS9wIQTtBE0ne3YbxgZJAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAA\npVRuUI2Sd6L1E2vl9bSBumZ5IpNxkRnAwIMjeTJB/0AIELh0mE5vwdihOCbdV6al\nUyhKC1+1w/FW6HWcp/JG1kKC8DPIidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8\nowIDAQAB\n-----END PUBLIC KEY-----", - "unsealed": null, - "paserk": "k1.seal.QmXSEH_ei6jX3xvcZ5_l4k53mBTgJSRHWS07MB56tX0hBUqKE-ur-SdjRn68DF_j9BbUSif5kqAn4h7ozfW1IRr4tp26_gVdSN9wUcCMVFpc7kF_unOd8dJlqKuxAxy8pfVRtN5no12JKogWU9EBE1y8iv6k1CDetlU8htQsBhvpcNigBhFooNt8J2UZrNppDSlzO-bqJcz7gPFpqdp31wwCi9PIoaUG52GHTRrm600p6FftQ9V2XdnA5gL0TZQhRG3EstYR9s6p-Irrs7BcqH5QpC0ZRLcnsJHMkSvX79g7fkiJeEHbLRTjE0xUT8sUk6fxgSNJws8XDsBU-4p74OKW3GyZmtbxwhHN6hO4OJHRtV3MoLRJMDUVYCVfDVkEMYXd9kOq9_rRgeP_cCnHhbLncIpEUUfvLB_8OAesU6h88ulKDdsyIs2a7HCrvjfKwni4iz8yAabUf7JTzieoX9zRsYe52i6vmujSgiuiwKS_EbdPTKNiPu308QHfu_bubXYkRXmU6ieziqU1f4FAklxGNK9sZpK_uEYIUrhiT6uqIJmkMU410XFnVwkebd6OGXFoGvvIyaq0iPaF---fHXyCnmI9fyjV0kHy57I18pbDY-ujMUCnjZ-yYYmk2DyhYPURq50yNVptIjx7B8mU660KPWkACO1NUQhIdACDkHseNb7mER71l64A0Hmu9PZB4VHBH4NBhtdvll2vIVcLPk-BdDa1PziJy6QZweIel-IufvLl1awLu67d2D8DJw25NAPuCsdrfZMMqhe02nAmGg" - }, - { - "name": "k1.seal-fail-2", - "expect-fail": true, - "comment": "Invalid authentication tag on sealed key.", - "sealing-secret-key": "-----BEGIN RSA PRIVATE KEY-----\nMIIJKAIBAAKCAgEAzmVvxmE2BDmhYZ43Wc379SdoFE7TJ6R9oPmkNieDQ3PWt7tH\nT4nzxSF+/nhS3ii64VAXxz1jPnCiA+L5TiFJ1xOk4vcbi6Dw3cwq/FzIqoJC0JO5\ninA91MZvDaCApe4t1e9piBYRVfHaQvnTsDCvm/5eHFsCQid1386od70ms6fDWF/W\nTirCsUs3AmenQ4jbQfHrc+ZcvEkaeMDC3sQZPvIggLLXsAO4bqbHN37GCNjpKhIC\npyqC3rNtjxjRjUrMEpxhw3stXSg++YchtSJ4y62cOeiJV/YSbpyuBv3FtO4HRq//\nZg1bhIZZvqVZ5FibvgN2QuK5B/1+XUXR+OzhN8EgGVzz33P5ioUlz+ACPDFmICvb\nmrGP1z9iAjT8hOwpEV4Pjz9zZRMKQgaWkk5v5MGDn2hVB+hM/8zIjxtc6f4MmJdG\n6auC61ZZeYPe1w1Axr1SfIVFUuo27Slk5EAFyjwRIyyWUXxTX0ZBPUK0rwNRjfML\nm/LXQCR6+WarKbvn/yDgmkpBRYS/6u9sL9EOBJgGXLk3VA6pO64kw7+WXNzK+O4b\n27pijw0yPo0ipfM0XFAEk+6Klz3eocEnu9Zfl0xXjJIbOmS7ELua1EloZ47TBaka\nFP52tac4o/JWrc7RciqVzu5DLjYoQfbrQQeAaLZNx7bFgQ/l1X6FhouHHksCAwEA\nAQKCAgA78aYG/dDMZViDm4oD4RleWDWYQFR/XPzHtfmFaPBstMYV0qShazWLeXEC\nwzt+HmI4ciSVzzR1vAyyCEfT80MY3jGzYYV0hieuo0+Qv/nf27lADseCd5rdo0w5\nrvXuO0DAs6n4xj/+sCFt9lUPBPTb34LBxYTgZcmMWN8A98S3xO+tSRha13x4NZoi\nbqxbpvHXM0XpAWzJmom/rGxsepPCflwGROrzygDU0kdlzMIDa8w8VcLDfktIFuCp\nANJLsP+YICccuTexqLCxlBesHfjrXt7SysCo9WThD0xT53x2UfN3CkKpBxQfZ03F\nWwzCjyGcjDDauDJ5KZx7xn13SIUYQAyh0TIgYq5lRTYycJ6LzQ8zqz/irotqXlv2\n84QnyzPtvUyQynB7FoR30TDHSDzOjVkvWVySqPiuxIgESCjAaQYqEc6sfwXcp4XZ\neOU59SSsBSt0HpnrgZhGA2vK+lPfn91n95MaII4vmE1PpUef8PPtwbF4cM/YCTfW\nBAnCs21VV+AJa79Ae6/TmIUr5+/saL5CWcMXljTtCSXarJJM9AUOaU+bNxYo0TVF\nbLyT4tvutSNpb5h2RDfmVADf46WP1ioH/HazdPNe93+8SoIjNIKbEBq5yMY+Vr7q\neHB+3aY5TohF8Pf9xSBpbVA2FzA3EVwaC94hhun1q38JFbRlcQKCAQEA/7/vHkUm\nm1wIAJMr9mK9AdtNm0VAwpk9D2bIV8QH/gfTFZ81LVJWEXDBVvC5uoFjS7RcHGF8\nbWAglpCKtZiIfwKMc5sPJAwksCWg6mDbBWE0V1Z/UfRLpwtc9NzO/s1eUp6UH5XK\nMnZmuD6QaCvbMNoHNUt9gWtnPZ/gnUloXmFnYBu0mHj7MdQoA4ZQfCiy+sQ04s7F\nzAMWfbe5PxwT9/woszJ+uN69ai4PKcnc0WTcgyvZqU656ZLFmin8RbU2V6hg6NMQ\nIjJor6psXb74iEPa5Vb1VAMNmKgz9sOePbymsBJ4Y63cfgmpmPWLOgX5pDKO3Dw4\n7tYzeXD32eEJ/wKCAQEAzpkjrwqWrFsD/TkY8K8sZSp1rPjUj69VfWSSnJgENw6y\ncbmfx7Vw7tR2F6i+qQT7m4agJT6RBw1epN8od499Ql+uC9QeIYm3pdG0TXBIBCA4\n03imULCgdcVFUmRvqVX8A723rq3RPTdgkUesJXVqqk7fPql3zGrk9xrN9GWQqWh0\njXQnvCgMaojIKYOF51ZmBZdwORv0mC6B9rAvFD+7Q9e89yARu4gR/P47W641kgld\nhCLocWB57W5x7bThNYLsrJG2wCMSdXFjw8JNsMYO7s9M8a6Z4DIyFyezzenY2gtQ\nPjXqaqegrioS3q1woDrJblP8yb+uHfKZy8aD0RLztQKCAQBi6NYPvOq7dxJZNpHw\nDivPBgOzo0ryd9VXmYat+tCkfF40pIgqaQeEYzlC6ILMELJYWv6ssz8uBdlUob4j\nkURo6pFrPHLUnCWsQkFDpAXQxNE7XeaLyZFgn1JqGOOtQ7vQ9CeRN5slfQkpBHlQ\n8HUrJYdYI0P8w48AFE8IRZWpur4CO3TS6ycrFEQNaOrDufHObgeOGC4DQsZ2BJIO\nSEuowsry0vqTgQF8iSewH7PY/8sQp+rcQehA31Sw1MAOLZFAwYwJP2ej8h7uoVib\nwPnZqXSE8eabgTrG6XZ/XxRaCBXnTp1k357A1/fRglVAMYNk73C02E2kgQ8TTo9s\nok39AoIBAQCo57KwzOtahh7AzAmD3PNi0k/a1qSRxDsUhUEIHZB0ouNo7uWelMx7\ntd/GgANAk/5QrMQJLxnKtjeGe5vOA9XYifj1Wro3mSw3uTa7iOyX0vAilCUFGyJU\npq+CKPLRcqbTOCwP97N1ZOziWcJ37YMDMfB6fnqe+VWwYI25HcAjgG6ppylFP0jH\nYISkzA6Rj6VhNOpfBmf2cy91y5zx5Rjo4lxvfhyBQUHToNZOoiLR/i4idZer+cA1\nSXKDcLoe0adFfuv2MbZJpiZ2SUjTGVnkDD9P5/uNu/wPyjnKQ0EzIsS718CK6fkH\n6wX6X7oQhX9hX/Dv0HI9sbXjT609JU1xAoIBAE5aeA8a53gP9TyfrR6YmZUpgKAP\ntsjkWG6TPzjVnj+ttPLTDEfJ+LvDIY/UCsAcwie/bzVcYaqMm/ohIrqblKksyVjk\nOnUABuZSo8aDNcvGsF7KfBkkZ5svvJ5qFvVHSmvqJSE7uug7wvtxgje8oTYN8YoT\nZUn4LSus3Gf58E7t4JPJpSVVYM0x/iGDjzDwciNnk7qZJ8/it3x+1kfOshXIcWYR\nfw3Ui5L1gMVIJ1SmBBdXmHRLLNbT3ZDTDLIywNEyXYTiMXWW1GawKPqhXqVhhwiL\n3ynxwLz6UDf7YXIZUD2TTyhHPZugcTN7q/UqBj6yknbtgfu1CBeB8PVoLcE=\n-----END RSA PRIVATE KEY-----", - "sealing-public-key": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzmVvxmE2BDmhYZ43Wc37\n9SdoFE7TJ6R9oPmkNieDQ3PWt7tHT4nzxSF+/nhS3ii64VAXxz1jPnCiA+L5TiFJ\n1xOk4vcbi6Dw3cwq/FzIqoJC0JO5inA91MZvDaCApe4t1e9piBYRVfHaQvnTsDCv\nm/5eHFsCQid1386od70ms6fDWF/WTirCsUs3AmenQ4jbQfHrc+ZcvEkaeMDC3sQZ\nPvIggLLXsAO4bqbHN37GCNjpKhICpyqC3rNtjxjRjUrMEpxhw3stXSg++YchtSJ4\ny62cOeiJV/YSbpyuBv3FtO4HRq//Zg1bhIZZvqVZ5FibvgN2QuK5B/1+XUXR+Ozh\nN8EgGVzz33P5ioUlz+ACPDFmICvbmrGP1z9iAjT8hOwpEV4Pjz9zZRMKQgaWkk5v\n5MGDn2hVB+hM/8zIjxtc6f4MmJdG6auC61ZZeYPe1w1Axr1SfIVFUuo27Slk5EAF\nyjwRIyyWUXxTX0ZBPUK0rwNRjfMLm/LXQCR6+WarKbvn/yDgmkpBRYS/6u9sL9EO\nBJgGXLk3VA6pO64kw7+WXNzK+O4b27pijw0yPo0ipfM0XFAEk+6Klz3eocEnu9Zf\nl0xXjJIbOmS7ELua1EloZ47TBakaFP52tac4o/JWrc7RciqVzu5DLjYoQfbrQQeA\naLZNx7bFgQ/l1X6FhouHHksCAwEAAQ==\n-----END PUBLIC KEY-----", - "unsealed": null, - "paserk": "k1.seal.QmXSEH_ei6jX3xvcZ5_l4k53mBTgJSRHWS07MB56tX0hBUqKE-ur-SdjRn68DF_j9BbUSif5kqAn4h7ozfW1IRr4tp26_gVdSN9wUcCMVFpc7kF_unOd8dJlqKuxAxy8pfVRtN5no12JKogWU9EBE1y8iv6k1CDetlU8htQsBhvpcNigBhFooNt8J2UZrNppDSlzO-bqJcz7gPFpqdp31wwCi9PIoaUG52GHTRrm600p6FftQ9V2XdnA5gL0TZQhRG3EstYR9s6p-Irrs7BcqH5QpC0ZRLcnsJHMkSvX79g7fkiJeEHbLRTjE0xUT8sUk6fxgSNJws8XDsBU-4p74OKW3GyZmtbxwhHN6hO4OJHRtV3MoLRJMDUVYCVfDVkEMYXd9kOq9_rRgeP_cCnHhbLncIpEUUfvLB_8OAesU6h88ulKDdsyIs2a7HCrvjfKwni4iz8yAabUf7JTzieoX9zRsYe52i6vmujSgiuiwKS_EbdPTKNiPu308QHfu_bubXYkRXmU6ieziqU1f4FAklxGNK9sZpK_uEYIUrhiT6uqIJmkMU410XFnVwkebd6OGXFoGvvIyaq0iPaF---fHXyCnmI9fyjV0kHy57I18pbDY-ujMUCnjZ-yYYmk2DyhYPURq50yNVptIjx7B8mU660KPWkACO1NUQhIdACDkHseNb7mER71l64A0Hmu9PZB4VHBH4NBhtdvll2vIVcLPk-BdDa1PziJy6QZweIel-IufvLl1awLu67d2D8DJw25NAPuCsdrfZMMqhe03nBmGh" - }, - { - "name": "k2.seal-2", - "expect-fail": true, - "comment": "Implementations MUST NOT accept a PASERK of the wrong version.", - "sealing-secret-key": "a770cf90f55d8a6dec51190eb640cb25ce31f7e5eb87a00ca9859022e6da9518a0fbc3dc2f99a538b40fb7616a83cf4276b6cf223fff5a2c2d3236235eb87dc7", - "sealing-public-key": "a0fbc3dc2f99a538b40fb7616a83cf4276b6cf223fff5a2c2d3236235eb87dc7", - "unsealed": null, - "paserk": "k2.seal.rJZgCJrVrUFRPehByeSoO1wAUxG072_yZcyHKARrNU_ShbDBbW6xKtQl7se_PZZ9z1z484vcWmp0iTWGcVplCj2oZClme5JBCQeYSqc2lDev3xTFgOiRxX71gnnxSBkO" - } - ] -} \ No newline at end of file diff --git a/tests/test-vectors/k1.secret-pw.json b/tests/test-vectors/k1.secret-pw.json deleted file mode 100644 index 5c1afcd..0000000 --- a/tests/test-vectors/k1.secret-pw.json +++ /dev/null @@ -1,48 +0,0 @@ -{ - "name": "PASERK k1.secret-pw Test Vectors", - "tests": [ - { - "name": "k1.secret-pw-1", - "expect-fail": false, - "unwrapped": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAyaTgTt53ph3p5GHgwoGWwz5hRfWXSQA08NCOwe0FEgALWos9\nGCjNFCd723nCHxBtN1qd74MSh/uN88JPIbwxKheDp4kxo4YMN5trPaF0e9G6Bj1N\n02HnanxFLW+gmLbgYO/SZYfWF/M8yLBcu5Y1Ot0ZxDDDXS9wIQTtBE0ne3YbxgZJ\nAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAApVRuUI2Sd6L1E2vl9bSBumZ5IpNx\nkRnAwIMjeTJB/0AIELh0mE5vwdihOCbdV6alUyhKC1+1w/FW6HWcp/JG1kKC8DPI\nidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8owIDAQABAoIBAF22jLDa34yKdns3\nqfd7to+C3D5hRzAcMn6Azvf9qc+VybEI6RnjTHxDZWK5EajSP4/sQ15e8ivUk0Jo\nWdJ53feL+hnQvwsab28gghSghrxM2kGwGA1XgO+SVawqJt8SjvE+Q+//01ZKK0Oy\nA0cDJjX3L9RoPUN/moMeAPFw0hqkFEhm72GSVCEY1eY+cOXmL3icxnsnlUD//SS9\nq33RxF2y5oiW1edqcRqhW/7L1yYMbxHFUcxWh8WUwjn1AAhoCOUzF8ZB+0X/PPh+\n1nYoq6xwqL0ZKDwrQ8SDhW/rNDLeO9gic5rl7EetRQRbFvsZ40AdsX2wU+lWFUkB\n42AjuoECgYEA5z/CXqDFfZ8MXCPAOeui8y5HNDtu30aR+HOXsBDnRI8huXsGND04\nFfmXR7nkghr08fFVDmE4PeKUk810YJb+IAJo8wrOZ0682n6yEMO58omqKin+iIUV\nrPXLSLo5CChrqw2J4vgzolzPw3N5I8FJdLomb9FkrV84H+IviPIylyECgYEA3znw\nAG29QX6ATEfFpGVOcogorHCntd4niaWCq5ne5sFL+EwLeVc1zD9yj1axcDelICDZ\nxCZynU7kDnrQcFkT0bjH/gC8Jk3v7XT9l1UDDqC1b7rm/X5wFIZ/rmNa1rVZhL1o\n/tKx5tvM2syJ1q95v7NdygFIEIW+qbIKbc6Wz0MCgYBsUZdQD+qx/xAhELX364I2\nepTryHMUrs+tGygQVrqdiJX5dcDgM1TUJkdQV6jLsKjPs4Vt6OgZRMrnuLMsk02R\n3M8gGQ25ok4f4nyyEZxGGWnVujn55KzUiYWhGWmhgp18UCkoYa59/Q9ss+gocV9h\nB9j9Q43vD80QUjiF4z0DQQKBgC7XQX1VibkMim93QAnXGDcAS0ij+w02qKVBjcHk\nb9mMBhz8GAxGOIu7ZJafYmxhwMyVGB0I1FQeEczYCJUKnBYN6Clsjg6bnBT/z5bJ\nx/Jx1qCzX3Uh6vLjpjc5sf4L39Tyye1u2NXQmZPwB5x9BdcsFConSq/s4K1LJtUT\n3KFxAoGBANGcQ8nObi3m4wROyKrkCWcWxFFMnpwxv0pW727Hn9wuaOs4UbesCnwm\npcMTfzGUDuzYXCtAq2pJl64HG6wsdkWmjBTJEpm6b9ibOBN3qFV2zQ0HyyKlMWxI\nuVSj9gOo61hF7UH9XB6R4HRdlpBOuIbgAWZ46dkj9/HM9ovdP0Iy\n-----END RSA PRIVATE KEY-----", - "password": "correct horse battery staple", - "options": {"iterations": 1000}, - "paserk": "k1.secret-pw.ahMxaJEQSKfLvDaUWdV8vblOj7yo1ETWytyT9kYxA3cAAAPo1wBIGbJzBe3Y5a0mqaULCWUau3F0M0Zbk-one8tfj3EcbjznCK6bBwL-0JMbH8PsnTr4UoFANqs8_saZJHNnBz82ohsA6SoC8okWJIdoxcU8fD2tSX_6uCz0MblMioWucSXQ7BIN4wEJEAZTuCO9Niqzo4qhqpuqhWs9JNOOOOL9C9YUhMRfmkuFaXs_WuqHckyb90gie0xcsJBHG7SwZmR5RjXAr_uEuVm2CrJMXzB5-o-aZiC3EqmLOcgTa943StYUCXFSMQoEJDon6DizXj8mSDpSAAUHccheejVCn_nUsuTNjb1hcmwfruOR8Na8KURUsexQfuuilthFa9toft-ERp7Jb4V2N8Anjyhm7XJUtCxEIIPHaDzoO3H3bBUzpKPexMISGlMQhlEHKJne5Eg9LlE02qd9WdjI2OrnbYowaciVTDakYOz4_bAbz4pZsb4QhFAmWaWdKxnl7tQCkTPIRulWZNn2pdh80hkUQuUoRh_Dkz_IW7cuUVMvddKypgd81bdrhMdXKM1eTy0c-KwZMch6FPaOoTDVnINwPGe-u47g1rl3qZIrbVy7L60uj_ACbCefbyT80bh6kRm9kkenBUT2NDgYIfe49Yyo_6pC_voUl-ZfcTilpEYe66T9wMYn4TWPlhxjE87l8WgN2FZ61W1LnEYCdoqjsHhpfXA5WYtny6z_WhxvI6ztOA7yY-9x2gGhPy8T1r50KfKxreAVjg7jA8i51h2jbC4T3M0lNSqMEFwDbH9gqUzVyZBjCKVvWhNwLz8SDBzUY-yf1_XEIw8IeB-bKC08peYdds8ZvBAxdwFysCrXNZhIXDxpdIJgBIZQ0JEVHAndLhjbEAAj_bM9gicNAV1ggWPmiz9DLLVRYsQa7mEPV6SzW4Yl9Qevo9abFgF8PGEnq9PZb7wRnw5_xN2rEmbQ4GLrJr9ixfdm5qH0woTDNZ2DEBbkc3IpaCgp4J_EsqQaW5Fui9crVYQzWSCHVqNDiPMFEYegS9O5ycAqOLMF989ieMwyu6u_5CybUO7NNoWKX1V6uZB0d1LcMyNaRdlfHxUSdDTmyx9OZiFOLxGK9H2WfyxreHs-BO-6Ca3Fcz1jDihoPDkNaJsTM0tLvpfB8Kz6IjCvgS7jAFsZTThk3lb3vXanHbzGxhmkALxgMaAmvJqP93TpbyEKYRXidZa9LZkY53YThiYuL630vbxHLRQjGynFpPTpuM1afQVZQmpi5CiZ-gz72YqwtWIdDedgx0-FryDfRrQHSQiU_Cjstz2Cu0kths4zn6B88z1WcBL3jvaQ3NCFpjbqw5mIHCwQmsI_n0Gkt_jOzyWYAV2r-IT1vqEmxIT4M87EuT7VtHkrhw0UFZCgzAvUD72x8jXWSVYfzC_zNRMKS3x4MxNyHX3V926mOdOhEToCxt0xJsr7HWKq8-kKNwJrS7OlbNpI-KbptG_nhiRIGaaUNVXta0P9_k_wBCG7_3wslUzhc--PZirvFH1QIQv57MTxXwKQcKt_wgPY3LxGllOHW_JyOhmTtdIL3pJl2YIeQ3XyPtzmuZQg8i7JXqlwhxbZMgFwVvF2ftHKL8rn1_On8byEQUwfrlVGRWYaRTV6DFr0uOxb4PrKQ9YoWkpD5O_TgSsnSB276DVjh5oVY65w0TTnBrxDm0-BNtKjKIin8eS0JVb8s2lOEiCjd1hDSqTWqdJVVa0Wbog22Bu5uFfllH9NJb8D0r-PRAMl1hkO_owVFcpld5ls2DU4jrXobj20q_v3wqyVRDiDpGhAALbzVx1aYUplhLHDBJPcc4KZzsIXKbUE2fezm7295Y6YL-gEaASU5xjopfXGqi3QeLUAEiPjZVIXflImYA5XTjWyVyGzQGI9edmIu_Jqr5WoW6gdpqAtm3WY70KAzIIhHtp_NoKrotz9UD74CC2TC-c0PbM91q7CIvjI7t4FqA8D4VN4ixorTHVJBwwQtIxxPsDGanO4SB1kGSiXGhpS-B5mCo1nf8bmDxEmijx-4uk6UwDP-JtjCIkrZbwRFwy8qQR-83WzakLixU9K5CvLs90XEVrpRTr5NXJofdoB774bPTMY2_j3ZHov3DTNhqOAIiSXMRvjYj2LCQep0RRIGibSgks7AYIUjtB2iP28vuGH2CtH_mo6zWWnO_XxyEP4Md9vo6regXdPUXISK_TtRdLMX2speGwEZYJDOJBI0aBLwUhNFqxGCKUgshiyXXk98OaGPM3vZ2GJixIDdlCPZGx0Wo049260H8wWiSucMXvYMwQEG5HU1308vh9dpaWNnNsHCVGzB-HXsMQt6i8nsyHyL2c9Ww" - }, - { - "name": "k1.secret-pw-2", - "expect-fail": false, - "unwrapped": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAyaTgTt53ph3p5GHgwoGWwz5hRfWXSQA08NCOwe0FEgALWos9\nGCjNFCd723nCHxBtN1qd74MSh/uN88JPIbwxKheDp4kxo4YMN5trPaF0e9G6Bj1N\n02HnanxFLW+gmLbgYO/SZYfWF/M8yLBcu5Y1Ot0ZxDDDXS9wIQTtBE0ne3YbxgZJ\nAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAApVRuUI2Sd6L1E2vl9bSBumZ5IpNx\nkRnAwIMjeTJB/0AIELh0mE5vwdihOCbdV6alUyhKC1+1w/FW6HWcp/JG1kKC8DPI\nidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8owIDAQABAoIBAF22jLDa34yKdns3\nqfd7to+C3D5hRzAcMn6Azvf9qc+VybEI6RnjTHxDZWK5EajSP4/sQ15e8ivUk0Jo\nWdJ53feL+hnQvwsab28gghSghrxM2kGwGA1XgO+SVawqJt8SjvE+Q+//01ZKK0Oy\nA0cDJjX3L9RoPUN/moMeAPFw0hqkFEhm72GSVCEY1eY+cOXmL3icxnsnlUD//SS9\nq33RxF2y5oiW1edqcRqhW/7L1yYMbxHFUcxWh8WUwjn1AAhoCOUzF8ZB+0X/PPh+\n1nYoq6xwqL0ZKDwrQ8SDhW/rNDLeO9gic5rl7EetRQRbFvsZ40AdsX2wU+lWFUkB\n42AjuoECgYEA5z/CXqDFfZ8MXCPAOeui8y5HNDtu30aR+HOXsBDnRI8huXsGND04\nFfmXR7nkghr08fFVDmE4PeKUk810YJb+IAJo8wrOZ0682n6yEMO58omqKin+iIUV\nrPXLSLo5CChrqw2J4vgzolzPw3N5I8FJdLomb9FkrV84H+IviPIylyECgYEA3znw\nAG29QX6ATEfFpGVOcogorHCntd4niaWCq5ne5sFL+EwLeVc1zD9yj1axcDelICDZ\nxCZynU7kDnrQcFkT0bjH/gC8Jk3v7XT9l1UDDqC1b7rm/X5wFIZ/rmNa1rVZhL1o\n/tKx5tvM2syJ1q95v7NdygFIEIW+qbIKbc6Wz0MCgYBsUZdQD+qx/xAhELX364I2\nepTryHMUrs+tGygQVrqdiJX5dcDgM1TUJkdQV6jLsKjPs4Vt6OgZRMrnuLMsk02R\n3M8gGQ25ok4f4nyyEZxGGWnVujn55KzUiYWhGWmhgp18UCkoYa59/Q9ss+gocV9h\nB9j9Q43vD80QUjiF4z0DQQKBgC7XQX1VibkMim93QAnXGDcAS0ij+w02qKVBjcHk\nb9mMBhz8GAxGOIu7ZJafYmxhwMyVGB0I1FQeEczYCJUKnBYN6Clsjg6bnBT/z5bJ\nx/Jx1qCzX3Uh6vLjpjc5sf4L39Tyye1u2NXQmZPwB5x9BdcsFConSq/s4K1LJtUT\n3KFxAoGBANGcQ8nObi3m4wROyKrkCWcWxFFMnpwxv0pW727Hn9wuaOs4UbesCnwm\npcMTfzGUDuzYXCtAq2pJl64HG6wsdkWmjBTJEpm6b9ibOBN3qFV2zQ0HyyKlMWxI\nuVSj9gOo61hF7UH9XB6R4HRdlpBOuIbgAWZ46dkj9/HM9ovdP0Iy\n-----END RSA PRIVATE KEY-----", - "password": "correct horse battery staple", - "options": {"iterations": 10000}, - "paserk": "k1.secret-pw.YUemu4kDAf6-sNoegWlslD7d000--NkLDMJSqRTE0_0AACcQyFhNMsNri6WHD1wamLu_KELW3Kl7g4kKK11qNGSarqwud1ju3WY1qNEWHY1lLz_voaOYkIAp6uC698KxH4XW17oDSAdIhXD_Th-PAL3pibjsFjOaxlwZZlTXQuQgDQzx-YFdo9tGQCIsizs09SqjtuRl4Fk-Cz0yPPeSZo3_Tbw7ipQMgsrSMg9EJ_f_I2QkMlMlA037-HS-b7peM0F2kr-KJkd092UZb7oUB3kKZ-mWHDdfDYPKrpzQifOdofWslOBDvkjcjYkH1g-uV3bjni_KWUeE94Ko8D0vzy7Ka6PFfY82FfgQdWimlLEBHQmPEl5hN0dry86OOJveSqIxt-z-9syq6_Bo7q7cHqaTbczUSkJbE0XnbnbvwkwllN9GNYDaVKZ_yk934Sor5ZVLxlatGDBb-DKKQXt6wIaI-8xGbzv1fbsHWgVo4eAkhTRItecVyTH3C2BT4MUNhEPerg_WCyKuS9HbVDkMEgAMDQQL-voFISjDRanD0uuGXd0ncPbg3XHBaBtPIav3fHPNOq1yXBE4rnNTl_XOFzWzBb_MH4OQlPC53oAJEqihlbSnJASfnEZxDAaLqY7An2I7NZBe9RKayAAhEWZVlBaefPH14INZl-ehnmL4eO-3nPAeSJrffATOmnNTTP2druAu1GcEk9b5T3BaU2qR2xsWjwHtIalDTYLd6cgHeiH1o9_CN4af-r6juxw1v4fNwQen5ezfwzS7J0C5AvBwEWZtFWzXjxZ6Q4hKUEVOV-bSxMk7-PIiiQoZvemF-QCWuZ_NssPavgOwSKjPQCvLMw41_kwTFOX3hMdW11kazHculvHpoAVfHkvdq6yL3xJX9fDmVGDn8iSJIdpZZ0KCh77F3Qd6vq0cRZr_v41QsPPQHZox6859iieIrFtB6kcw2dmxS3NSV_6cRfEAqeZU749SWsZMvyUIG1BD79RW6e0vAANAiEB1plKRDEDdB-D3AB6iUTPqo36KRKv1slSu3FS4ULfFm7pGCAZOBuBndUFtnhqv1RfIMcJXPNzCTSW2HPNDaryIIbd6TxUrzaxbtw8gqjx6jJqv3Lq7eoYTdUF_N4cEsoWJsr7_m426jxsKab4JwZn_1Jouah4HmsmciwWV-V8xqia6wkiC3jQ_hLZvM72p6WTsGMw99la-P7Pria2_GGPeGQ7Q1CV8uUn4ZW82AEhHPbBTAuFtkuSQSMZ4uX7IPC37Hhy8GKvQHqOQopJVgh5TG1RjpevN1KPINvQwcQSdeCowc2vZTJY21fz126UFRara8O-5FMvkFBPWuymbJQdyjTzP22Hz4XyykTPHZMEXZbziyQcOnwGtfF_JFAhVsTgZX6pEDcuFrZykeZ0JkDwkwt0P6kB4iy2ywfGzbMF0Jy-lpTaYHPWT_D8G3QkvnNl0meGx4lasAMThGOylVyyzUomvCB_wMbVbx75A0dO3-3465L5Mihe5MtoPLQ_vJGFo8OJKB02-p0P16L7__axV8_1Vn1e16XKFy4ZUeFFBEuECX1C87zNU-L9CZTjB6dByTHl4xwPLkh_M16BaHAQeaFOji91WzOhDnViFPYSapfLomP-Sr-S-dVgsARqGyDdbZqzNIbnD8tf0ZXps4BMVEDsYTPBH-C1HrulW1BxDBDOuAVD7wJDIyxW8FDrDAIIyoncn0UF8IW5HdkQMF8hphunPE39iZBIBDjIqT58SjYs_AYbqBeUrP8iFgFXoB04yFw7QLYs2H9YIFbqDR6lfBxhZOHjgX68seyPpBWTLi-y9tSjPCbQfqNloLxy4Q2TpMqS7Ximm7HzsQ5zValjGAJ7T7tIsNiz1zeE__nbKDD5sC7ZndwESnmgEy7hOYaNeu-8oxu1w42rJ6Xedt7aOAn3eI1mKcayRxo9K6LxH1mrS_7pCi1UB5R_YseHzarzOIimhN9T50Ndo1axFt5FAoZE_mT5NI2qBpKXADc1bIt4hiARe9be9gD6zYwCHj13Kq1D78TN6W7TPXXqCkcJ5ROCc81B1BAW5w4GjEgq13LqsfBngK-bgpk36ANVN9b1aGdgwh2Il4yOJJqmK3H7birJVTAaO8voHTg0xiD_LYF-gtX4JK87ZInWfeJeUivSsE4y-O3KIS8QWvPZ7FJwI8tQ35IBKvRCKFG4QKHLvwrjS9g81hE2cgTbK-LQ1emr5qbr6_x7wGqdqQa2IHHcyEu8QMSUKkmE21znCMvQU1LZmYjoG-cD2h3DvBsjPFviXmG_KwKJ_2qzZ8xckUeUhw1JVIDYXr5t4eNt3gk2bYWBHa9JSZgN4zr71ooHJwdild6mQGW2qpg" - }, - { - "name": "k1.secret-pw-fail-1", - "expect-fail": true, - "comment": "Incorrect password", - "unwrapped": null, - "password": "correct horse battery staplf", - "options": {"iterations": 10000}, - "paserk": "k1.secret-pw.YUemu4kDAf6-sNoegWlslD7d000--NkLDMJSqRTE0_0AACcQyFhNMsNri6WHD1wamLu_KELW3Kl7g4kKK11qNGSarqwud1ju3WY1qNEWHY1lLz_voaOYkIAp6uC698KxH4XW17oDSAdIhXD_Th-PAL3pibjsFjOaxlwZZlTXQuQgDQzx-YFdo9tGQCIsizs09SqjtuRl4Fk-Cz0yPPeSZo3_Tbw7ipQMgsrSMg9EJ_f_I2QkMlMlA037-HS-b7peM0F2kr-KJkd092UZb7oUB3kKZ-mWHDdfDYPKrpzQifOdofWslOBDvkjcjYkH1g-uV3bjni_KWUeE94Ko8D0vzy7Ka6PFfY82FfgQdWimlLEBHQmPEl5hN0dry86OOJveSqIxt-z-9syq6_Bo7q7cHqaTbczUSkJbE0XnbnbvwkwllN9GNYDaVKZ_yk934Sor5ZVLxlatGDBb-DKKQXt6wIaI-8xGbzv1fbsHWgVo4eAkhTRItecVyTH3C2BT4MUNhEPerg_WCyKuS9HbVDkMEgAMDQQL-voFISjDRanD0uuGXd0ncPbg3XHBaBtPIav3fHPNOq1yXBE4rnNTl_XOFzWzBb_MH4OQlPC53oAJEqihlbSnJASfnEZxDAaLqY7An2I7NZBe9RKayAAhEWZVlBaefPH14INZl-ehnmL4eO-3nPAeSJrffATOmnNTTP2druAu1GcEk9b5T3BaU2qR2xsWjwHtIalDTYLd6cgHeiH1o9_CN4af-r6juxw1v4fNwQen5ezfwzS7J0C5AvBwEWZtFWzXjxZ6Q4hKUEVOV-bSxMk7-PIiiQoZvemF-QCWuZ_NssPavgOwSKjPQCvLMw41_kwTFOX3hMdW11kazHculvHpoAVfHkvdq6yL3xJX9fDmVGDn8iSJIdpZZ0KCh77F3Qd6vq0cRZr_v41QsPPQHZox6859iieIrFtB6kcw2dmxS3NSV_6cRfEAqeZU749SWsZMvyUIG1BD79RW6e0vAANAiEB1plKRDEDdB-D3AB6iUTPqo36KRKv1slSu3FS4ULfFm7pGCAZOBuBndUFtnhqv1RfIMcJXPNzCTSW2HPNDaryIIbd6TxUrzaxbtw8gqjx6jJqv3Lq7eoYTdUF_N4cEsoWJsr7_m426jxsKab4JwZn_1Jouah4HmsmciwWV-V8xqia6wkiC3jQ_hLZvM72p6WTsGMw99la-P7Pria2_GGPeGQ7Q1CV8uUn4ZW82AEhHPbBTAuFtkuSQSMZ4uX7IPC37Hhy8GKvQHqOQopJVgh5TG1RjpevN1KPINvQwcQSdeCowc2vZTJY21fz126UFRara8O-5FMvkFBPWuymbJQdyjTzP22Hz4XyykTPHZMEXZbziyQcOnwGtfF_JFAhVsTgZX6pEDcuFrZykeZ0JkDwkwt0P6kB4iy2ywfGzbMF0Jy-lpTaYHPWT_D8G3QkvnNl0meGx4lasAMThGOylVyyzUomvCB_wMbVbx75A0dO3-3465L5Mihe5MtoPLQ_vJGFo8OJKB02-p0P16L7__axV8_1Vn1e16XKFy4ZUeFFBEuECX1C87zNU-L9CZTjB6dByTHl4xwPLkh_M16BaHAQeaFOji91WzOhDnViFPYSapfLomP-Sr-S-dVgsARqGyDdbZqzNIbnD8tf0ZXps4BMVEDsYTPBH-C1HrulW1BxDBDOuAVD7wJDIyxW8FDrDAIIyoncn0UF8IW5HdkQMF8hphunPE39iZBIBDjIqT58SjYs_AYbqBeUrP8iFgFXoB04yFw7QLYs2H9YIFbqDR6lfBxhZOHjgX68seyPpBWTLi-y9tSjPCbQfqNloLxy4Q2TpMqS7Ximm7HzsQ5zValjGAJ7T7tIsNiz1zeE__nbKDD5sC7ZndwESnmgEy7hOYaNeu-8oxu1w42rJ6Xedt7aOAn3eI1mKcayRxo9K6LxH1mrS_7pCi1UB5R_YseHzarzOIimhN9T50Ndo1axFt5FAoZE_mT5NI2qBpKXADc1bIt4hiARe9be9gD6zYwCHj13Kq1D78TN6W7TPXXqCkcJ5ROCc81B1BAW5w4GjEgq13LqsfBngK-bgpk36ANVN9b1aGdgwh2Il4yOJJqmK3H7birJVTAaO8voHTg0xiD_LYF-gtX4JK87ZInWfeJeUivSsE4y-O3KIS8QWvPZ7FJwI8tQ35IBKvRCKFG4QKHLvwrjS9g81hE2cgTbK-LQ1emr5qbr6_x7wGqdqQa2IHHcyEu8QMSUKkmE21znCMvQU1LZmYjoG-cD2h3DvBsjPFviXmG_KwKJ_2qzZ8xckUeUhw1JVIDYXr5t4eNt3gk2bYWBHa9JSZgN4zr71ooHJwdild6mQGW2qpg" - }, - { - "name": "k1.secret-pw-fail-2", - "expect-fail": true, - "comment": "Incorrect authentication tag on ciphertext", - "unwrapped": null, - "password": "correct horse battery staple", - "options": {"iterations": 10000}, - "paserk": "k1.secret-pw.YUemu4kDAf6-sNoegWlslD7d000--NkLDMJSqRTE0_0AACcQyFhNMsNri6WHD1wamLu_KELW3Kl7g4kKK11qNGSarqwud1ju3WY1qNEWHY1lLz_voaOYkIAp6uC698KxH4XW17oDSAdIhXD_Th-PAL3pibjsFjOaxlwZZlTXQuQgDQzx-YFdo9tGQCIsizs09SqjtuRl4Fk-Cz0yPPeSZo3_Tbw7ipQMgsrSMg9EJ_f_I2QkMlMlA037-HS-b7peM0F2kr-KJkd092UZb7oUB3kKZ-mWHDdfDYPKrpzQifOdofWslOBDvkjcjYkH1g-uV3bjni_KWUeE94Ko8D0vzy7Ka6PFfY82FfgQdWimlLEBHQmPEl5hN0dry86OOJveSqIxt-z-9syq6_Bo7q7cHqaTbczUSkJbE0XnbnbvwkwllN9GNYDaVKZ_yk934Sor5ZVLxlatGDBb-DKKQXt6wIaI-8xGbzv1fbsHWgVo4eAkhTRItecVyTH3C2BT4MUNhEPerg_WCyKuS9HbVDkMEgAMDQQL-voFISjDRanD0uuGXd0ncPbg3XHBaBtPIav3fHPNOq1yXBE4rnNTl_XOFzWzBb_MH4OQlPC53oAJEqihlbSnJASfnEZxDAaLqY7An2I7NZBe9RKayAAhEWZVlBaefPH14INZl-ehnmL4eO-3nPAeSJrffATOmnNTTP2druAu1GcEk9b5T3BaU2qR2xsWjwHtIalDTYLd6cgHeiH1o9_CN4af-r6juxw1v4fNwQen5ezfwzS7J0C5AvBwEWZtFWzXjxZ6Q4hKUEVOV-bSxMk7-PIiiQoZvemF-QCWuZ_NssPavgOwSKjPQCvLMw41_kwTFOX3hMdW11kazHculvHpoAVfHkvdq6yL3xJX9fDmVGDn8iSJIdpZZ0KCh77F3Qd6vq0cRZr_v41QsPPQHZox6859iieIrFtB6kcw2dmxS3NSV_6cRfEAqeZU749SWsZMvyUIG1BD79RW6e0vAANAiEB1plKRDEDdB-D3AB6iUTPqo36KRKv1slSu3FS4ULfFm7pGCAZOBuBndUFtnhqv1RfIMcJXPNzCTSW2HPNDaryIIbd6TxUrzaxbtw8gqjx6jJqv3Lq7eoYTdUF_N4cEsoWJsr7_m426jxsKab4JwZn_1Jouah4HmsmciwWV-V8xqia6wkiC3jQ_hLZvM72p6WTsGMw99la-P7Pria2_GGPeGQ7Q1CV8uUn4ZW82AEhHPbBTAuFtkuSQSMZ4uX7IPC37Hhy8GKvQHqOQopJVgh5TG1RjpevN1KPINvQwcQSdeCowc2vZTJY21fz126UFRara8O-5FMvkFBPWuymbJQdyjTzP22Hz4XyykTPHZMEXZbziyQcOnwGtfF_JFAhVsTgZX6pEDcuFrZykeZ0JkDwkwt0P6kB4iy2ywfGzbMF0Jy-lpTaYHPWT_D8G3QkvnNl0meGx4lasAMThGOylVyyzUomvCB_wMbVbx75A0dO3-3465L5Mihe5MtoPLQ_vJGFo8OJKB02-p0P16L7__axV8_1Vn1e16XKFy4ZUeFFBEuECX1C87zNU-L9CZTjB6dByTHl4xwPLkh_M16BaHAQeaFOji91WzOhDnViFPYSapfLomP-Sr-S-dVgsARqGyDdbZqzNIbnD8tf0ZXps4BMVEDsYTPBH-C1HrulW1BxDBDOuAVD7wJDIyxW8FDrDAIIyoncn0UF8IW5HdkQMF8hphunPE39iZBIBDjIqT58SjYs_AYbqBeUrP8iFgFXoB04yFw7QLYs2H9YIFbqDR6lfBxhZOHjgX68seyPpBWTLi-y9tSjPCbQfqNloLxy4Q2TpMqS7Ximm7HzsQ5zValjGAJ7T7tIsNiz1zeE__nbKDD5sC7ZndwESnmgEy7hOYaNeu-8oxu1w42rJ6Xedt7aOAn3eI1mKcayRxo9K6LxH1mrS_7pCi1UB5R_YseHzarzOIimhN9T50Ndo1axFt5FAoZE_mT5NI2qBpKXADc1bIt4hiARe9be9gD6zYwCHj13Kq1D78TN6W7TPXXqCkcJ5ROCc81B1BAW5w4GjEgq13LqsfBngK-bgpk36ANVN9b1aGdgwh2Il4yOJJqmK3H7birJVTAaO8voHTg0xiD_LYF-gtX4JK87ZInWfeJeUivSsE4y-O3KIS8QWvPZ7FJwI8tQ35IBKvRCKFG4QKHLvwrjS9g81hE2cgTbK-LQ1emr5qbr6_x7wGqdqQa2IHHcyEu8QMSUKkmE21znCMvQU1LZmYjoG-cD2h3DvBsjPFviXmG_KwKJ_2qzZ8xckUeUhw1JVIDYXr5t4eNt3gk2bYWBHa9JSZgN4zr71ooHJwdild6mQGW3qph" - }, - { - "name": "k1.secret-pw-fail-3", - "expect-fail": true, - "comment": "Implementations MUST NOT accept a PASERK of the wrong version.", - "unwrapped": null, - "password": "correct horse battery staple", - "options": {"memlimit": 268435456, "opslimit": 3}, - "paserk": "k2.secret-pw.LIQIbVTVcP2TVLfagckhYwAAAAAQAAAAAAAAAwAAAAHrQbamWckckJkh0vvEqrUr5GiesF3hIJapT2aXKEWM_oXyyYbwWwMccN2rfTvYiGcngmMuiyTPM8u6tdcEx1gojM_Z00OSokVMGK-8tEN6RfUk8q0HfzCOfXf0nC-1tNoyzuxeVII8ryAwdPYDw129HfjnqVzEqid" - } - ] -} \ No newline at end of file diff --git a/tests/test-vectors/k1.secret-wrap.pie.json b/tests/test-vectors/k1.secret-wrap.pie.json deleted file mode 100644 index 10f6542..0000000 --- a/tests/test-vectors/k1.secret-wrap.pie.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "name": "PASERK k1.secret-wrap.pie Test Vectors", - "tests": [ - { - "name": "k1.secret-wrap.pie-1", - "expect-fail": false, - "unwrapped": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAyaTgTt53ph3p5GHgwoGWwz5hRfWXSQA08NCOwe0FEgALWos9\nGCjNFCd723nCHxBtN1qd74MSh/uN88JPIbwxKheDp4kxo4YMN5trPaF0e9G6Bj1N\n02HnanxFLW+gmLbgYO/SZYfWF/M8yLBcu5Y1Ot0ZxDDDXS9wIQTtBE0ne3YbxgZJ\nAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAApVRuUI2Sd6L1E2vl9bSBumZ5IpNx\nkRnAwIMjeTJB/0AIELh0mE5vwdihOCbdV6alUyhKC1+1w/FW6HWcp/JG1kKC8DPI\nidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8owIDAQABAoIBAF22jLDa34yKdns3\nqfd7to+C3D5hRzAcMn6Azvf9qc+VybEI6RnjTHxDZWK5EajSP4/sQ15e8ivUk0Jo\nWdJ53feL+hnQvwsab28gghSghrxM2kGwGA1XgO+SVawqJt8SjvE+Q+//01ZKK0Oy\nA0cDJjX3L9RoPUN/moMeAPFw0hqkFEhm72GSVCEY1eY+cOXmL3icxnsnlUD//SS9\nq33RxF2y5oiW1edqcRqhW/7L1yYMbxHFUcxWh8WUwjn1AAhoCOUzF8ZB+0X/PPh+\n1nYoq6xwqL0ZKDwrQ8SDhW/rNDLeO9gic5rl7EetRQRbFvsZ40AdsX2wU+lWFUkB\n42AjuoECgYEA5z/CXqDFfZ8MXCPAOeui8y5HNDtu30aR+HOXsBDnRI8huXsGND04\nFfmXR7nkghr08fFVDmE4PeKUk810YJb+IAJo8wrOZ0682n6yEMO58omqKin+iIUV\nrPXLSLo5CChrqw2J4vgzolzPw3N5I8FJdLomb9FkrV84H+IviPIylyECgYEA3znw\nAG29QX6ATEfFpGVOcogorHCntd4niaWCq5ne5sFL+EwLeVc1zD9yj1axcDelICDZ\nxCZynU7kDnrQcFkT0bjH/gC8Jk3v7XT9l1UDDqC1b7rm/X5wFIZ/rmNa1rVZhL1o\n/tKx5tvM2syJ1q95v7NdygFIEIW+qbIKbc6Wz0MCgYBsUZdQD+qx/xAhELX364I2\nepTryHMUrs+tGygQVrqdiJX5dcDgM1TUJkdQV6jLsKjPs4Vt6OgZRMrnuLMsk02R\n3M8gGQ25ok4f4nyyEZxGGWnVujn55KzUiYWhGWmhgp18UCkoYa59/Q9ss+gocV9h\nB9j9Q43vD80QUjiF4z0DQQKBgC7XQX1VibkMim93QAnXGDcAS0ij+w02qKVBjcHk\nb9mMBhz8GAxGOIu7ZJafYmxhwMyVGB0I1FQeEczYCJUKnBYN6Clsjg6bnBT/z5bJ\nx/Jx1qCzX3Uh6vLjpjc5sf4L39Tyye1u2NXQmZPwB5x9BdcsFConSq/s4K1LJtUT\n3KFxAoGBANGcQ8nObi3m4wROyKrkCWcWxFFMnpwxv0pW727Hn9wuaOs4UbesCnwm\npcMTfzGUDuzYXCtAq2pJl64HG6wsdkWmjBTJEpm6b9ibOBN3qFV2zQ0HyyKlMWxI\nuVSj9gOo61hF7UH9XB6R4HRdlpBOuIbgAWZ46dkj9/HM9ovdP0Iy\n-----END RSA PRIVATE KEY-----", - "wrapping-key":"707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "paserk": "k1.secret-wrap.pie.npl0BPDoiKzl7qCmqEvBV1t9igbxNHs83S6ymepSS0O9iBRdbtmBd68WLz6RQ2eJi-YYryYNvCSwxEx7LegpuJ0RLfyUyy3cqN3j41MUKq9cODvwjWDpKF_NAy7JtMd5PjbBCL60Ro2uY6oqJNtM2Hiczu5Wmp8uflkDAhe0KBuufwoyqYCUD3Dwgwaqk7Rh6z7ondkwJriujSEeywVOzDpMsImQPpXWdcrMjpnTtSmArdLQ7YyVqjIBSEYkA-nF9qzHYPbGcwFB2grrFtxMOMcK0kFjbUaJhF5r8d4fGiSc4YSFPqA9Qf2H438P4F_uG6j7giBUxS16twsOjS4eaz5ONyEsZk4D5ESpxJzhiymrXg7917HjSMXZcJ1utImuCaOSKjnjM4J5cq05ragvEhpELciyf6vEVnayIhrg_OUdWFWjRiLQnYc9SB6WS_Gyy5ALXpZ-NMMHllvgHm3_eedolKJIFzNTkioRfZJL7WNXLbQaY_e1TTAkusy36fQ6vJ0plC6EdDKkj1UnzDMBu6OBEgCcIOJX9Xefh2S1D9gC5FEC5RvDDiRIdKIZO_9O3np27XEbUt6Fk0eJUb5egL1hm1iiZ-Ux4owkb8iXDcJueAn4-DRvFk0VODCLXOD1XXIfxsELSY0q0hwPcI2k_CkY1rzGxlPvP1WLLzJje_Q0pRSlyN5GsH93JtR1_z0MXWtley06ngDzdXQi7meKQovj9D0BQCn8cVUBpbWazolAdAv8RElwSD5bgDVF-hlYzZ50zpFWY_ADjrR2kKXhDp4ebg48Iqqnn5xQ4vfHLC3RIokzL4xAylzuoGP30Hup42g5ThRc1dPTMeXBW5ICQ_9QdEUBEUd6tp-6HHFqTrXOMfyAzcl6NEOfisLIY6J5ibTte_ir6PCNqiKBjYsiQ-HwxMMcZ7FalV6Gk26IeWVAnX7roh_FjVz04r1JTLusF3JOzk9onv3UeMJyroXga4qn5lU0_aGCOLKBVOp3PstF_vTlQ57gi6xT2MqKTOQ_akI_jpW1-KSQ1A4m_p_whw11Lb8qXHpnp68xtV8pPAV5W1i3Exqsx03l3L_e6nAkKR2B3zc3gmfruoKa6oIp2hYXfovurkpVN1vX91qyNW7rBnjH6ouB18Mbv3KW_8XGFYPMloyVFpg1Cxzy53hP2V4H_gR-M76w3nb_13l1xZGEut1Pl49WrwEh-7WDvaDVEV5FpzTczi-ab19o4U-mFewLlNxydGq2rqFgCX12BoJh3NlAwWTOhHtvbBuRBfL_PQoD3uDSkV6QtYKD6XP_2n3PyMkKs5dEcKKLiY0e9CimvrNwGcFHWrQOtT1oP5U_UAelrYJH3qXEOYb8klcbbYfQxJuIgxZH2nRp2De2_sHIVfqu6o1ziSzrEetkTnK8E8A5ZXYAmNZev1YdYtTT5P06WfqJvw716hGYK-oSzlCalP7znS1xYZFcuWLYpwWHQyyF3AVyMXcbRW8hRmX84KHcVc-iQZLLudazcAR24kKJiaysVIWDZ6NOultQr86hCD6MZaYhwCyivBDLQ88FEO7UtylnWth9sT-k7ljnQYcT1KBUxB1G3JNx9F9OHg2Lz5KXn_cKlw0stbYtVTjpY9tmOCXiDsE1npE_lR8BZjPNgKb6AM0U9YtRnPNW2Myey3mhMpsznPevN8aQYDn7CCRucK2_Hb4" - }, - { - "name": "k1.secret-wrap.pie-2", - "expect-fail": false, - "unwrapped": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAyaTgTt53ph3p5GHgwoGWwz5hRfWXSQA08NCOwe0FEgALWos9\nGCjNFCd723nCHxBtN1qd74MSh/uN88JPIbwxKheDp4kxo4YMN5trPaF0e9G6Bj1N\n02HnanxFLW+gmLbgYO/SZYfWF/M8yLBcu5Y1Ot0ZxDDDXS9wIQTtBE0ne3YbxgZJ\nAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAApVRuUI2Sd6L1E2vl9bSBumZ5IpNx\nkRnAwIMjeTJB/0AIELh0mE5vwdihOCbdV6alUyhKC1+1w/FW6HWcp/JG1kKC8DPI\nidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8owIDAQABAoIBAF22jLDa34yKdns3\nqfd7to+C3D5hRzAcMn6Azvf9qc+VybEI6RnjTHxDZWK5EajSP4/sQ15e8ivUk0Jo\nWdJ53feL+hnQvwsab28gghSghrxM2kGwGA1XgO+SVawqJt8SjvE+Q+//01ZKK0Oy\nA0cDJjX3L9RoPUN/moMeAPFw0hqkFEhm72GSVCEY1eY+cOXmL3icxnsnlUD//SS9\nq33RxF2y5oiW1edqcRqhW/7L1yYMbxHFUcxWh8WUwjn1AAhoCOUzF8ZB+0X/PPh+\n1nYoq6xwqL0ZKDwrQ8SDhW/rNDLeO9gic5rl7EetRQRbFvsZ40AdsX2wU+lWFUkB\n42AjuoECgYEA5z/CXqDFfZ8MXCPAOeui8y5HNDtu30aR+HOXsBDnRI8huXsGND04\nFfmXR7nkghr08fFVDmE4PeKUk810YJb+IAJo8wrOZ0682n6yEMO58omqKin+iIUV\nrPXLSLo5CChrqw2J4vgzolzPw3N5I8FJdLomb9FkrV84H+IviPIylyECgYEA3znw\nAG29QX6ATEfFpGVOcogorHCntd4niaWCq5ne5sFL+EwLeVc1zD9yj1axcDelICDZ\nxCZynU7kDnrQcFkT0bjH/gC8Jk3v7XT9l1UDDqC1b7rm/X5wFIZ/rmNa1rVZhL1o\n/tKx5tvM2syJ1q95v7NdygFIEIW+qbIKbc6Wz0MCgYBsUZdQD+qx/xAhELX364I2\nepTryHMUrs+tGygQVrqdiJX5dcDgM1TUJkdQV6jLsKjPs4Vt6OgZRMrnuLMsk02R\n3M8gGQ25ok4f4nyyEZxGGWnVujn55KzUiYWhGWmhgp18UCkoYa59/Q9ss+gocV9h\nB9j9Q43vD80QUjiF4z0DQQKBgC7XQX1VibkMim93QAnXGDcAS0ij+w02qKVBjcHk\nb9mMBhz8GAxGOIu7ZJafYmxhwMyVGB0I1FQeEczYCJUKnBYN6Clsjg6bnBT/z5bJ\nx/Jx1qCzX3Uh6vLjpjc5sf4L39Tyye1u2NXQmZPwB5x9BdcsFConSq/s4K1LJtUT\n3KFxAoGBANGcQ8nObi3m4wROyKrkCWcWxFFMnpwxv0pW727Hn9wuaOs4UbesCnwm\npcMTfzGUDuzYXCtAq2pJl64HG6wsdkWmjBTJEpm6b9ibOBN3qFV2zQ0HyyKlMWxI\nuVSj9gOo61hF7UH9XB6R4HRdlpBOuIbgAWZ46dkj9/HM9ovdP0Iy\n-----END RSA PRIVATE KEY-----", - "wrapping-key": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - "paserk": "k1.secret-wrap.pie.6xorqK8MPVRVFSQYBY1QLfKSbR7Ovm835aCiuUzgQJZvbNUHD9v1eqwoamR6iTbvxNm8amFY-JN3OZZPaSHdzOjJ2-Q00p5oEAGFxDTpUHKNoiuHBBnqSyxJrrbyEMbIuyKXlbkoe9b5UNtBkrtCGTyNYEN4E9neZ5bx3tT_JzhZea7weCvUqEpfaxEzNG4ahtcRxL4WmFiyY2WEKkjrxQkCuog6D_7Oo_3UcB6vguNvBgfHwhb0ABOBjAY0YyFUNmXai9CGT42bL_AHLvgcyUtJ6WT-yxQ6iWVDzdtEAngkMKOwM-6nwDH12Agke-YZVyON_GzAezycdk_Ck1DsEec3X6tK9AtK0-zdFE7yxAqn5qIlm-FzUycg36JgwoxD1u1TfXXj0q1uolLBM26P9WFW1wIIeVLjLKcGBH6jdBCqguAOqI9AcwjmvuS6krx4ZUfYH6wEHDzDQlyf-zy8ox0enZMFSWxIkV7ROhxf89eSaC1JSZLvpnS1-otru_9mRyBwxZs9ro2xez7zcfcPDmu_LoqPJ7pqH-9MaUV_KBOPkGGn3uXOC5StW5kuVr_VRBTNpSGCdUi7z2DPsD5Svvcr5t2P5xh8nDeTP7C0aD_L6zNO3tQXpxWnG2adynm3SCfMIkQu3GbvYy8B2uBInxDvwmljQOSHoH4kS5D5K1BCCv6Wf7NgePiiPLN6cr3JRdvbzE6OU3y6BAcFBP9NoUivbl5NSBkLWgrwV6vNtZJl3P1vngqa3A38wqc1hGfWBJvRYwJ9HDcL8IYFoCKRSq-e824jhQE5wogpgmHYucVKlBoOJNZA2YxfHuCfF3ak644Ok2Tyab5tvYVrWkZZA70k87Hom9F-5Olf5fp2Kw4oCdJh6re3SZOG-aUq8jMknMafoinIyHCe-wp6JWOlPZfUYaWNFFxXGTi7sx58UI5QN4nUNbe-Zq4ky21QGHXXcTQvNENr1nnECdR2Q8FYtitBKXoxNStWqT-vtgFgUNSiRnr1yL8Nqt_X-kWPuN9sY42JbfPfDuIJPpL35ZTHlZDZpZamDj-h6WRFJW7gd3MlJ6KFSOw3JAuuDvoPRe0_LaWQF2yDiI2YIPl05zWZREluEyTS2Xkh6JZ6Zb5ioZ_rXE5yP0jFS8ImPNKAHg9hlhtAc97hc23T5DxIOQeMojg2mSUPMESg5p4Ctdm0LAHxy1h-ithNe6_nLZPmbtj0Hq1cU9QQyNGWkLDFQNeN2k1-cPF4EeSSJGo__lD-75VqQTSTf35p4QQd1nndsdFVpyTI1VzS2RaxVCvNotVUw8_AICYz08CkUJqP-EAVkpYKbCTAAS_gpT-3glOtBBoTq9gTq1fg-_u3arB4NmxAD-0X21XVHsfUkoJz-K2RZmBfQCzCqmLTqnzPL14omLgdtlr5BVyo_u6Uyk2vxCfFTrjkuDVh3twbM2PLYj7yUah6D_t5nViy85RLLprjcUkXaddfuQwj2AAAqI_r4_IpieRZOiVB7YKDGhxraQg18Jo1XJdV3lO8ADGtHM59x-CeaNTsYpk_S10adTtaqcbQb95kYRfNIxnQrbacLtEePRHVpng4hVF0FZtZAqjT8DroaozBIQEoqivAXryMTgGBLWhpBQa3ssnDY90-Wh20yS-7Do7YmYewRPGb22eSKHL45Y2NHriqYr_nAo6o-km0ZN6FfGBbCuE" - }, - { - "name": "k1.secret-wrap.pie-fail-1", - "expect-fail": true, - "comment": "Invalid authentication tag on ciphertext", - "unwrapped": null, - "wrapping-key": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - "paserk": "k1.secret-wrap.pie.6xorqK8MPVRVFSQYBY1QLfKSbR7Ovm835aCiuUzgQJZvbNUHD9v1eqwoamR6iTbvxNm8amFY-JN3OZZPaSHdzOjJ2-Q00p5oEAGFxDTpUHKNoiuHBBnqSyxJrrbyEMbIuyKXlbkoe9b5UNtBkrtCGTyNYEN4E9neZ5bx3tT_JzhZea7weCvUqEpfaxEzNG4ahtcRxL4WmFiyY2WEKkjrxQkCuog6D_7Oo_3UcB6vguNvBgfHwhb0ABOBjAY0YyFUNmXai9CGT42bL_AHLvgcyUtJ6WT-yxQ6iWVDzdtEAngkMKOwM-6nwDH12Agke-YZVyON_GzAezycdk_Ck1DsEec3X6tK9AtK0-zdFE7yxAqn5qIlm-FzUycg36JgwoxD1u1TfXXj0q1uolLBM26P9WFW1wIIeVLjLKcGBH6jdBCqguAOqI9AcwjmvuS6krx4ZUfYH6wEHDzDQlyf-zy8ox0enZMFSWxIkV7ROhxf89eSaC1JSZLvpnS1-otru_9mRyBwxZs9ro2xez7zcfcPDmu_LoqPJ7pqH-9MaUV_KBOPkGGn3uXOC5StW5kuVr_VRBTNpSGCdUi7z2DPsD5Svvcr5t2P5xh8nDeTP7C0aD_L6zNO3tQXpxWnG2adynm3SCfMIkQu3GbvYy8B2uBInxDvwmljQOSHoH4kS5D5K1BCCv6Wf7NgePiiPLN6cr3JRdvbzE6OU3y6BAcFBP9NoUivbl5NSBkLWgrwV6vNtZJl3P1vngqa3A38wqc1hGfWBJvRYwJ9HDcL8IYFoCKRSq-e824jhQE5wogpgmHYucVKlBoOJNZA2YxfHuCfF3ak644Ok2Tyab5tvYVrWkZZA70k87Hom9F-5Olf5fp2Kw4oCdJh6re3SZOG-aUq8jMknMafoinIyHCe-wp6JWOlPZfUYaWNFFxXGTi7sx58UI5QN4nUNbe-Zq4ky21QGHXXcTQvNENr1nnECdR2Q8FYtitBKXoxNStWqT-vtgFgUNSiRnr1yL8Nqt_X-kWPuN9sY42JbfPfDuIJPpL35ZTHlZDZpZamDj-h6WRFJW7gd3MlJ6KFSOw3JAuuDvoPRe0_LaWQF2yDiI2YIPl05zWZREluEyTS2Xkh6JZ6Zb5ioZ_rXE5yP0jFS8ImPNKAHg9hlhtAc97hc23T5DxIOQeMojg2mSUPMESg5p4Ctdm0LAHxy1h-ithNe6_nLZPmbtj0Hq1cU9QQyNGWkLDFQNeN2k1-cPF4EeSSJGo__lD-75VqQTSTf35p4QQd1nndsdFVpyTI1VzS2RaxVCvNotVUw8_AICYz08CkUJqP-EAVkpYKbCTAAS_gpT-3glOtBBoTq9gTq1fg-_u3arB4NmxAD-0X21XVHsfUkoJz-K2RZmBfQCzCqmLTqnzPL14omLgdtlr5BVyo_u6Uyk2vxCfFTrjkuDVh3twbM2PLYj7yUah6D_t5nViy85RLLprjcUkXaddfuQwj2AAAqI_r4_IpieRZOiVB7YKDGhxraQg18Jo1XJdV3lO8ADGtHM59x-CeaNTsYpk_S10adTtaqcbQb95kYRfNIxnQrbacLtEePRHVpng4hVF0FZtZAqjT8DroaozBIQEoqivAXryMTgGBLWhpBQa3ssnDY90-Wh20yS-7Do7YmYewRPGb22eSKHL45Y2NHriqYr_nAo6o-km0ZN6FfGBbDvF" - }, - { - "name": "k1.secret-wrap.pie-fail-2", - "expect-fail": true, - "comment": "Implementations MUST NOT accept a PASERK of the wrong version.", - "unwrapped": null, - "wrapping-key": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - "paserk": "k2.secret-wrap.pie.MMdHghvp1yDr2nqeFmrrlsiZC9O4MMfobSKML62CTzofArLMxqRNUA7ONGlUea5IwMFc6G7Nka2PqrBDaXW1yREpuyFcmfgdTmTIwWGHb-SgrgHe5RDg221beOvbo2hxTzjBnXay_hfPsJPA97PPWdYH_9vAa06piaEux94TUoc" - } - ] -} \ No newline at end of file diff --git a/tests/test-vectors/k1.secret.json b/tests/test-vectors/k1.secret.json deleted file mode 100644 index d8a2402..0000000 --- a/tests/test-vectors/k1.secret.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "name": "PASERK k1.secret Test Vectors", - "tests": [ - { - "name": "k1.secret-1", - "expect-fail": false, - "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAyaTgTt53ph3p5GHgwoGWwz5hRfWXSQA08NCOwe0FEgALWos9\nGCjNFCd723nCHxBtN1qd74MSh/uN88JPIbwxKheDp4kxo4YMN5trPaF0e9G6Bj1N\n02HnanxFLW+gmLbgYO/SZYfWF/M8yLBcu5Y1Ot0ZxDDDXS9wIQTtBE0ne3YbxgZJ\nAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAApVRuUI2Sd6L1E2vl9bSBumZ5IpNx\nkRnAwIMjeTJB/0AIELh0mE5vwdihOCbdV6alUyhKC1+1w/FW6HWcp/JG1kKC8DPI\nidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8owIDAQABAoIBAF22jLDa34yKdns3\nqfd7to+C3D5hRzAcMn6Azvf9qc+VybEI6RnjTHxDZWK5EajSP4/sQ15e8ivUk0Jo\nWdJ53feL+hnQvwsab28gghSghrxM2kGwGA1XgO+SVawqJt8SjvE+Q+//01ZKK0Oy\nA0cDJjX3L9RoPUN/moMeAPFw0hqkFEhm72GSVCEY1eY+cOXmL3icxnsnlUD//SS9\nq33RxF2y5oiW1edqcRqhW/7L1yYMbxHFUcxWh8WUwjn1AAhoCOUzF8ZB+0X/PPh+\n1nYoq6xwqL0ZKDwrQ8SDhW/rNDLeO9gic5rl7EetRQRbFvsZ40AdsX2wU+lWFUkB\n42AjuoECgYEA5z/CXqDFfZ8MXCPAOeui8y5HNDtu30aR+HOXsBDnRI8huXsGND04\nFfmXR7nkghr08fFVDmE4PeKUk810YJb+IAJo8wrOZ0682n6yEMO58omqKin+iIUV\nrPXLSLo5CChrqw2J4vgzolzPw3N5I8FJdLomb9FkrV84H+IviPIylyECgYEA3znw\nAG29QX6ATEfFpGVOcogorHCntd4niaWCq5ne5sFL+EwLeVc1zD9yj1axcDelICDZ\nxCZynU7kDnrQcFkT0bjH/gC8Jk3v7XT9l1UDDqC1b7rm/X5wFIZ/rmNa1rVZhL1o\n/tKx5tvM2syJ1q95v7NdygFIEIW+qbIKbc6Wz0MCgYBsUZdQD+qx/xAhELX364I2\nepTryHMUrs+tGygQVrqdiJX5dcDgM1TUJkdQV6jLsKjPs4Vt6OgZRMrnuLMsk02R\n3M8gGQ25ok4f4nyyEZxGGWnVujn55KzUiYWhGWmhgp18UCkoYa59/Q9ss+gocV9h\nB9j9Q43vD80QUjiF4z0DQQKBgC7XQX1VibkMim93QAnXGDcAS0ij+w02qKVBjcHk\nb9mMBhz8GAxGOIu7ZJafYmxhwMyVGB0I1FQeEczYCJUKnBYN6Clsjg6bnBT/z5bJ\nx/Jx1qCzX3Uh6vLjpjc5sf4L39Tyye1u2NXQmZPwB5x9BdcsFConSq/s4K1LJtUT\n3KFxAoGBANGcQ8nObi3m4wROyKrkCWcWxFFMnpwxv0pW727Hn9wuaOs4UbesCnwm\npcMTfzGUDuzYXCtAq2pJl64HG6wsdkWmjBTJEpm6b9ibOBN3qFV2zQ0HyyKlMWxI\nuVSj9gOo61hF7UH9XB6R4HRdlpBOuIbgAWZ46dkj9/HM9ovdP0Iy\n-----END RSA PRIVATE KEY-----", - "public-key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaTgTt53ph3p5GHgwoGW\nwz5hRfWXSQA08NCOwe0FEgALWos9GCjNFCd723nCHxBtN1qd74MSh/uN88JPIbwx\nKheDp4kxo4YMN5trPaF0e9G6Bj1N02HnanxFLW+gmLbgYO/SZYfWF/M8yLBcu5Y1\nOt0ZxDDDXS9wIQTtBE0ne3YbxgZJAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAA\npVRuUI2Sd6L1E2vl9bSBumZ5IpNxkRnAwIMjeTJB/0AIELh0mE5vwdihOCbdV6al\nUyhKC1+1w/FW6HWcp/JG1kKC8DPIidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8\nowIDAQAB\n-----END PUBLIC KEY-----", - "paserk": "k1.secret.MIIEowIBAAKCAQEAyaTgTt53ph3p5GHgwoGWwz5hRfWXSQA08NCOwe0FEgALWos9GCjNFCd723nCHxBtN1qd74MSh_uN88JPIbwxKheDp4kxo4YMN5trPaF0e9G6Bj1N02HnanxFLW-gmLbgYO_SZYfWF_M8yLBcu5Y1Ot0ZxDDDXS9wIQTtBE0ne3YbxgZJAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAApVRuUI2Sd6L1E2vl9bSBumZ5IpNxkRnAwIMjeTJB_0AIELh0mE5vwdihOCbdV6alUyhKC1-1w_FW6HWcp_JG1kKC8DPIidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8owIDAQABAoIBAF22jLDa34yKdns3qfd7to-C3D5hRzAcMn6Azvf9qc-VybEI6RnjTHxDZWK5EajSP4_sQ15e8ivUk0JoWdJ53feL-hnQvwsab28gghSghrxM2kGwGA1XgO-SVawqJt8SjvE-Q-__01ZKK0OyA0cDJjX3L9RoPUN_moMeAPFw0hqkFEhm72GSVCEY1eY-cOXmL3icxnsnlUD__SS9q33RxF2y5oiW1edqcRqhW_7L1yYMbxHFUcxWh8WUwjn1AAhoCOUzF8ZB-0X_PPh-1nYoq6xwqL0ZKDwrQ8SDhW_rNDLeO9gic5rl7EetRQRbFvsZ40AdsX2wU-lWFUkB42AjuoECgYEA5z_CXqDFfZ8MXCPAOeui8y5HNDtu30aR-HOXsBDnRI8huXsGND04FfmXR7nkghr08fFVDmE4PeKUk810YJb-IAJo8wrOZ0682n6yEMO58omqKin-iIUVrPXLSLo5CChrqw2J4vgzolzPw3N5I8FJdLomb9FkrV84H-IviPIylyECgYEA3znwAG29QX6ATEfFpGVOcogorHCntd4niaWCq5ne5sFL-EwLeVc1zD9yj1axcDelICDZxCZynU7kDnrQcFkT0bjH_gC8Jk3v7XT9l1UDDqC1b7rm_X5wFIZ_rmNa1rVZhL1o_tKx5tvM2syJ1q95v7NdygFIEIW-qbIKbc6Wz0MCgYBsUZdQD-qx_xAhELX364I2epTryHMUrs-tGygQVrqdiJX5dcDgM1TUJkdQV6jLsKjPs4Vt6OgZRMrnuLMsk02R3M8gGQ25ok4f4nyyEZxGGWnVujn55KzUiYWhGWmhgp18UCkoYa59_Q9ss-gocV9hB9j9Q43vD80QUjiF4z0DQQKBgC7XQX1VibkMim93QAnXGDcAS0ij-w02qKVBjcHkb9mMBhz8GAxGOIu7ZJafYmxhwMyVGB0I1FQeEczYCJUKnBYN6Clsjg6bnBT_z5bJx_Jx1qCzX3Uh6vLjpjc5sf4L39Tyye1u2NXQmZPwB5x9BdcsFConSq_s4K1LJtUT3KFxAoGBANGcQ8nObi3m4wROyKrkCWcWxFFMnpwxv0pW727Hn9wuaOs4UbesCnwmpcMTfzGUDuzYXCtAq2pJl64HG6wsdkWmjBTJEpm6b9ibOBN3qFV2zQ0HyyKlMWxIuVSj9gOo61hF7UH9XB6R4HRdlpBOuIbgAWZ46dkj9_HM9ovdP0Iy" - }, - { - "name": "k1.secret-fail-1", - "expect-fail": true, - "comment": "Invalid encoding for secret", - "key": null, - "paserk": "k1.secret.TgTt53ph3p5GHgwoGWwz5hRfWXSQA08NCOwe0FEgALWos9GCjNFCd723nCHxBtN1qd74MSh_uN88JPIbwxKheDp4kxo4YMN5trPaF0e9G6Bj1N02HnanxFLW-gmLbgYO_SZYfWF_M8yLBcu5Y1Ot0ZxDDDXS9wIQTtBE0ne3YbxgZJAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAApVRuUI2Sd6L1E2vl9bSBumZ5IpNxkRnAwIMjeTJB_0AIELh0mE5vwdihOCbdV6alUyhKC1-1w_FW6HWcp_JG1kKC8DPIidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8owIDAQABAoIBAF22jLDa34yKdns3qfd7to-C3D5hRzAcMn6Azvf9qc-VybEI6RnjTHxDZWK5EajSP4_sQ15e8ivUk0JoWdJ53feL-hnQvwsab28gghSghrxM2kGwGA1XgO-SVawqJt8SjvE-Q-__01ZKK0OyA0cDJjX3L9RoPUN_moMeAPFw0hqkFEhm72GSVCEY1eY-cOXmL3icxnsnlUD__SS9q33RxF2y5oiW1edqcRqhW_7L1yYMbxHFUcxWh8WUwjn1AAhoCOUzF8ZB-0X_PPh-1nYoq6xwqL0ZKDwrQ8SDhW_rNDLeO9gic5rl7EetRQRbFvsZ40AdsX2wU-lWFUkB42AjuoECgYEA5z_CXqDFfZ8MXCPAOeui8y5HNDtu30aR-HOXsBDnRI8huXsGND04FfmXR7nkghr08fFVDmE4PeKUk810YJb-IAJo8wrOZ0682n6yEMO58omqKin-iIUVrPXLSLo5CChrqw2J4vgzolzPw3N5I8FJdLomb9FkrV84H-IviPIylyECgYEA3znwAG29QX6ATEfFpGVOcogorHCntd4niaWCq5ne5sFL-EwLeVc1zD9yj1axcDelICDZxCZynU7kDnrQcFkT0bjH_gC8Jk3v7XT9l1UDDqC1b7rm_X5wFIZ_rmNa1rVZhL1o_tKx5tvM2syJ1q95v7NdygFIEIW-qbIKbc6Wz0MCgYBsUZdQD-qx_xAhELX364I2epTryHMUrs-tGygQVrqdiJX5dcDgM1TUJkdQV6jLsKjPs4Vt6OgZRMrnuLMsk02R3M8gGQ25ok4f4nyyEZxGGWnVujn55KzUiYWhGWmhgp18UCkoYa59_Q9ss-gocV9hB9j9Q43vD80QUjiF4z0DQQKBgC7XQX1VibkMim93QAnXGDcAS0ij-w02qKVBjcHkb9mMBhz8GAxGOIu7ZJafYmxhwMyVGB0I1FQeEczYCJUKnBYN6Clsjg6bnBT_z5bJx_Jx1qCzX3Uh6vLjpjc5sf4L39Tyye1u2NXQmZPwB5x9BdcsFConSq_s4K1LJtUT3KFxAoGBANGcQ8nObi3m4wROyKrkCWcWxFFMnpwxv0pW727Hn9wuaOs4UbesCnwmpcMTfzGUDuzYXCtAq2pJl64HG6wsdkWmjBTJEpm6b9ibOBN3qFV2zQ0HyyKlMWxIuVSj9gOo61hF7UH9XB6R4HRdlpBOuIbgAWZ46dkj9_HM8ovdP0Iz" - }, - { - "name": "k1.secret-fail-2", - "expect-fail": true, - "comment": "Implementations MUST NOT accept a PASERK of the wrong version.", - "key": null, - "secret-key-seed": "0000000000000000000000000000000000000000000000000000000000000000", - "public-key": "3b6a27bcceb6a42d62a3a8d02a6f0d73653215771de243a63ac048a18b59da29", - "paserk": "k2.secret.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7aie8zrakLWKjqNAqbw1zZTIVdx3iQ6Y6wEihi1naKQ" - } - ] -} \ No newline at end of file diff --git a/tests/test-vectors/k1.sid.json b/tests/test-vectors/k1.sid.json deleted file mode 100644 index 5e11809..0000000 --- a/tests/test-vectors/k1.sid.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "name": "PASERK k1.sid Test Vectors", - "tests": [ - { - "name": "k1.sid-1", - "expect-fail": false, - "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAyaTgTt53ph3p5GHgwoGWwz5hRfWXSQA08NCOwe0FEgALWos9\nGCjNFCd723nCHxBtN1qd74MSh/uN88JPIbwxKheDp4kxo4YMN5trPaF0e9G6Bj1N\n02HnanxFLW+gmLbgYO/SZYfWF/M8yLBcu5Y1Ot0ZxDDDXS9wIQTtBE0ne3YbxgZJ\nAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAApVRuUI2Sd6L1E2vl9bSBumZ5IpNx\nkRnAwIMjeTJB/0AIELh0mE5vwdihOCbdV6alUyhKC1+1w/FW6HWcp/JG1kKC8DPI\nidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8owIDAQABAoIBAF22jLDa34yKdns3\nqfd7to+C3D5hRzAcMn6Azvf9qc+VybEI6RnjTHxDZWK5EajSP4/sQ15e8ivUk0Jo\nWdJ53feL+hnQvwsab28gghSghrxM2kGwGA1XgO+SVawqJt8SjvE+Q+//01ZKK0Oy\nA0cDJjX3L9RoPUN/moMeAPFw0hqkFEhm72GSVCEY1eY+cOXmL3icxnsnlUD//SS9\nq33RxF2y5oiW1edqcRqhW/7L1yYMbxHFUcxWh8WUwjn1AAhoCOUzF8ZB+0X/PPh+\n1nYoq6xwqL0ZKDwrQ8SDhW/rNDLeO9gic5rl7EetRQRbFvsZ40AdsX2wU+lWFUkB\n42AjuoECgYEA5z/CXqDFfZ8MXCPAOeui8y5HNDtu30aR+HOXsBDnRI8huXsGND04\nFfmXR7nkghr08fFVDmE4PeKUk810YJb+IAJo8wrOZ0682n6yEMO58omqKin+iIUV\nrPXLSLo5CChrqw2J4vgzolzPw3N5I8FJdLomb9FkrV84H+IviPIylyECgYEA3znw\nAG29QX6ATEfFpGVOcogorHCntd4niaWCq5ne5sFL+EwLeVc1zD9yj1axcDelICDZ\nxCZynU7kDnrQcFkT0bjH/gC8Jk3v7XT9l1UDDqC1b7rm/X5wFIZ/rmNa1rVZhL1o\n/tKx5tvM2syJ1q95v7NdygFIEIW+qbIKbc6Wz0MCgYBsUZdQD+qx/xAhELX364I2\nepTryHMUrs+tGygQVrqdiJX5dcDgM1TUJkdQV6jLsKjPs4Vt6OgZRMrnuLMsk02R\n3M8gGQ25ok4f4nyyEZxGGWnVujn55KzUiYWhGWmhgp18UCkoYa59/Q9ss+gocV9h\nB9j9Q43vD80QUjiF4z0DQQKBgC7XQX1VibkMim93QAnXGDcAS0ij+w02qKVBjcHk\nb9mMBhz8GAxGOIu7ZJafYmxhwMyVGB0I1FQeEczYCJUKnBYN6Clsjg6bnBT/z5bJ\nx/Jx1qCzX3Uh6vLjpjc5sf4L39Tyye1u2NXQmZPwB5x9BdcsFConSq/s4K1LJtUT\n3KFxAoGBANGcQ8nObi3m4wROyKrkCWcWxFFMnpwxv0pW727Hn9wuaOs4UbesCnwm\npcMTfzGUDuzYXCtAq2pJl64HG6wsdkWmjBTJEpm6b9ibOBN3qFV2zQ0HyyKlMWxI\nuVSj9gOo61hF7UH9XB6R4HRdlpBOuIbgAWZ46dkj9/HM9ovdP0Iy\n-----END RSA PRIVATE KEY-----", - "paserk": "k1.sid.aBIISj44Kjs5PmIPh1q6DtTOTy2sz2ov14JJTch_5DHv" - }, { - "name": "k1.sid-fail-1", - "expect-fail": true, - "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIE\n-----END RSA PRIVATE KEY-----", - "comment": "Small RSA keys must fail to serialize." - }, - { - "name": "k1.sid-fail-2", - "expect-fail": true, - "comment": "Implementations MUST NOT accept a PASERK of the wrong version.", - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e9060fe37571a5d6e7d30b15154ce4a9fb92c70c870848f4ccdf1626588097f73f7", - "seed": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e90", - "paserk": null - } - ] -} \ No newline at end of file diff --git a/tests/test-vectors/k2.lid.json b/tests/test-vectors/k2.lid.json deleted file mode 100644 index a0bcfcb..0000000 --- a/tests/test-vectors/k2.lid.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "name": "PASERK k2.lid Test Vectors", - "tests": [ - { - "name": "k2.lid-1", - "expect-fail": false, - "key": "0000000000000000000000000000000000000000000000000000000000000000", - "paserk": "k2.lid.WpgZ4rDluvqGSwOFQfbkxem-i3lRJ92XPPPwHEDm-gtE" - }, - { - "name": "k2.lid-2", - "expect-fail": false, - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "paserk": "k2.lid.keK316jg65NYOw6BbBHJHeQ7YWpyuHfNRxBVtY3kNoXG" - }, - { - "name": "k2.lid-3", - "expect-fail": false, - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e90", - "paserk": "k2.lid.n-Eq3LSDD2sdKE5DjJmZmXQ7-O7BT8mhYoSg_TvDC6x1" - }, - { - "name": "k2.lid-fail-1", - "expect-fail": true, - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e", - "paserk": null, - "comment": "If the key is too short, this must fail to serialize." - } - ] -} \ No newline at end of file diff --git a/tests/test-vectors/k2.local-pw.json b/tests/test-vectors/k2.local-pw.json deleted file mode 100644 index c356e98..0000000 --- a/tests/test-vectors/k2.local-pw.json +++ /dev/null @@ -1,48 +0,0 @@ -{ - "name": "PASERK k2.local-pw Test Vectors", - "tests": [ - { - "name": "k2.local-pw-1", - "expect-fail": false, - "unwrapped": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "password": "correct horse battery staple", - "options": {"memlimit": 67108864, "opslimit": 2}, - "paserk": "k2.local-pw.aRFbR_qjEgyRbTWO-8q7PgAAAAAEAAAAAAAAAgAAAAFrOjyWJdnG25HrYDBxxJEpLlxvr9SsUsnFqMqQ_7EqjS51T9ugESvlfoiCtNYpslbb2-vso-p9a0c8tBfKIFVI6B2vq9WdV8wLC6lhpdIMZmUL60rj0DU_" - }, - { - "name": "k2.local-pw-2", - "expect-fail": false, - "unwrapped": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "password": "correct horse battery staple", - "options": {"memlimit": 268435456, "opslimit": 3}, - "paserk": "k2.local-pw.pO9bFwcQ4EvMgi05yZUZYAAAAAAQAAAAAAAAAwAAAAHQDD7woll221xBostsekagJ31WkLjCKzV1emeOK91FbTeyY-NRZAqnoLnGHs30MEbbL7SVqmtPhELmR8ZbrYIPOu6LJh2IQ4bs-xjkPk6UB0t5E9RcYhEt" - }, - { - "name": "k2.local-pw-fail-1", - "expect-fail": true, - "comment": "Incorrect password", - "unwrapped": null, - "password": "correct horse battery staplf", - "options": {"memlimit": 268435456, "opslimit": 3}, - "paserk": "k2.local-pw.pO9bFwcQ4EvMgi05yZUZYAAAAAAQAAAAAAAAAwAAAAHQDD7woll221xBostsekagJ31WkLjCKzV1emeOK91FbTeyY-NRZAqnoLnGHs30MEbbL7SVqmtPhELmR8ZbrYIPOu6LJh2IQ4bs-xjkPk6UB0t5E9RcYhEt" - }, - { - "name": "k2.local-pw-fail-2", - "expect-fail": true, - "comment": "Incorrect authentication tag on ciphertext", - "unwrapped": null, - "password": "correct horse battery staple", - "options": {"memlimit": 268435456, "opslimit": 3}, - "paserk": "k2.local-pw.pO9bFwcQ4EvMgi05yZUZYAAAAAAQAAAAAAAAAwAAAAHQDD7woll221xBostsekagJ31WkLjCKzV1emeOK91FbTeyY-NRZAqnoLnGHs30MEbbL7SVqmtPhELmR8ZbrYIPOu6LJh2IQ4bs-xjkPk6UB0t5E9RcYiFu" - }, - { - "name": "k2.local-pw-fail-3", - "expect-fail": true, - "comment": "Implementations MUST NOT accept a PASERK of the wrong version.", - "unwrapped": null, - "password": "correct horse battery staple", - "options": {"iterations": 10000}, - "paserk": "k1.local-pw.DMd9Lg4gWt-Ra5O0WIMVwB1jij60uqfnhmoSKbn-YVAAAAPo-jOaUhm2KOQSVqLjHcZ8e09E6t2VtozMUxuU2k9M6EJCQS1XDP0FAXHIZSjNCcAdORQJfMiukPQ4umBn_ZzVwsSxP_yMclvRVKf43lIPMTgCxSkW0Utb8j2e97oa_Uqg" - } - ] -} \ No newline at end of file diff --git a/tests/test-vectors/k2.local-wrap.pie.json b/tests/test-vectors/k2.local-wrap.pie.json deleted file mode 100644 index 497fb54..0000000 --- a/tests/test-vectors/k2.local-wrap.pie.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "name": "PASERK k2.local-wrap.pie Test Vectors", - "tests": [ - { - "name": "k2.local-wrap.pie-1", - "expect-fail": false, - "unwrapped": "0000000000000000000000000000000000000000000000000000000000000000", - "wrapping-key":"707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "paserk": "k2.local-wrap.pie.vRFzOX-h6lsRQBpBaRbPv5WbT8Kcv_a_NDUfp4kcn-Un6mL2-H1nuZ5YxctgLT4I476TViftvpJu6XJ4iwraTprnVB8KrZaMo387BznW4wYOrC7CZaBpg683sOnmDjtb" - }, - { - "name": "k2.local-wrap.pie-2", - "expect-fail": false, - "unwrapped": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - "wrapping-key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "paserk": "k2.local-wrap.pie.UNK6-S4s4uZ2oc7Ntujea9FdRDWgmWmkFJrZPQtVb_Z4GF2iWN7UVPXyKGYfF1WkqVk7a4iWuxAx8KwpoNZEPHK1Ym6PtROKDeMpBPo-G0I9cDyh_r764LGy3NqRb6_0" - }, - { - "name": "k2.local-wrap.pie-fail-1", - "expect-fail": true, - "comment": "Invalid authentication tag on ciphertext", - "unwrapped": null, - "wrapping-key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "paserk": "k2.local-wrap.pie.UNK6-S4s4uZ2oc7Ntujea9FdRDWgmWmkFJrZPQtVb_Z4GF2iWN7UVPXyKGYfF1WkqVk7a4iWuxAx8KwpoNZEPHK1Ym6PtROKDeMpBPo-G0I9cDyh_r764LGy4NqRb7_1" - }, - { - "name": "k2.local-wrap.pie-fail-2", - "expect-fail": true, - "comment": "Implementations MUST NOT accept a PASERK of the wrong version.", - "unwrapped": null, - "wrapping-key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "paserk": "k1.local-wrap.pie.aMF7_m3KXH8Rgoo4ow1FYEThHAhaNR1deM9SbRRnHR9-ao5qckA-b0sltysyHG8jPor1oVTCiTxS0Bx8Rt6Dnxy9rMGEYwrqfQfrXJLNnvh6O19Id0TwJ-vMnagj3xJeGEZMSO8K9JaZrgh6sBAWng" - } - ] -} \ No newline at end of file diff --git a/tests/test-vectors/k2.local.json b/tests/test-vectors/k2.local.json deleted file mode 100644 index f616dbf..0000000 --- a/tests/test-vectors/k2.local.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "name": "PASERK k2.local Test Vectors", - "tests": [ - { - "name": "k2.local-1", - "expect-fail": false, - "key": "0000000000000000000000000000000000000000000000000000000000000000", - "paserk": "k2.local.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" - }, - { - "name": "k2.local-2", - "expect-fail": false, - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "paserk": "k2.local.cHFyc3R1dnd4eXp7fH1-f4CBgoOEhYaHiImKi4yNjo8" - }, - { - "name": "k2.local-3", - "expect-fail": false, - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e90", - "paserk": "k2.local.cHFyc3R1dnd4eXp7fH1-f4CBgoOEhYaHiImKi4yNjpA" - }, - { - "name": "k2.local-fail-1", - "expect-fail": true, - "key": null, - "paserk": "k2.local.cHFyc3R1dnd4eXp7fH1-f4CBgoOEhYaHiImKi4yNjp", - "comment": "If the PASERK is too short, this must fail to deserialize." - }, - { - "name": "k2.local-fail-2", - "expect-fail": true, - "key": null, - "paserk": "k1.local.cHFyc3R1dnd4eXp7fH1-f4CBgoOEhYaHiImKi4yNjpA", - "comment": "Implementations MUST NOT accept a PASERK of the wrong version." - } - ] -} \ No newline at end of file diff --git a/tests/test-vectors/k2.pid.json b/tests/test-vectors/k2.pid.json deleted file mode 100644 index d511bd1..0000000 --- a/tests/test-vectors/k2.pid.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "name": "PASERK k2.pid Test Vectors", - "tests": [ - { - "name": "k2.pid-1", - "expect-fail": false, - "key": "0000000000000000000000000000000000000000000000000000000000000000", - "paserk": "k2.pid.gUztDB_2F1oxWaUa0RYxGYtLw_0TN-g5mw_M7HUMLh7D" - }, - { - "name": "k2.pid-2", - "expect-fail": false, - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "paserk": "k2.pid.4zgEvkSaB64DlcV9ChYZPEqBATLwUsB5zCrlpEOk2wD9" - }, - { - "name": "k2.pid-3", - "expect-fail": false, - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e90", - "paserk": "k2.pid.2Jd0YsfxY7YWVCHWG0BOc9CCVZmSqRXz0B-p7ENnkxqG" - }, - { - "name": "k2.pid-fail-1", - "expect-fail": true, - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e", - "paserk": null, - "comment": "Small public keys must fail to serialize" - }, - { - "name": "k2.pid-fail-2", - "expect-fail": true, - "key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaTgTt53ph3p5GHgwoGW\nwz5hRfWXSQA08NCOwe0FEgALWos9GCjNFCd723nCHxBtN1qd74MSh/uN88JPIbwx\nKheDp4kxo4YMN5trPaF0e9G6Bj1N02HnanxFLW+gmLbgYO/SZYfWF/M8yLBcu5Y1\nOt0ZxDDDXS9wIQTtBE0ne3YbxgZJAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAA\npVRuUI2Sd6L1E2vl9bSBumZ5IpNxkRnAwIMjeTJB/0AIELh0mE5vwdihOCbdV6al\nUyhKC1+1w/FW6HWcp/JG1kKC8DPIidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8\nowIDAQAB\n-----END PUBLIC KEY-----", - "paserk": null, - "comment": "Implementations MUST NOT accept a PASERK of the wrong version." - } - ] -} \ No newline at end of file diff --git a/tests/test-vectors/k2.public.json b/tests/test-vectors/k2.public.json deleted file mode 100644 index 37608f8..0000000 --- a/tests/test-vectors/k2.public.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "name": "PASERK k2.public Test Vectors", - "tests": [ - { - "name": "k2.public-1", - "expect-fail": false, - "key": "0000000000000000000000000000000000000000000000000000000000000000", - "paserk": "k2.public.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" - }, - { - "name": "k2.public-2", - "expect-fail": false, - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "paserk": "k2.public.cHFyc3R1dnd4eXp7fH1-f4CBgoOEhYaHiImKi4yNjo8" - }, - { - "name": "k2.public-3", - "expect-fail": false, - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e90", - "paserk": "k2.public.cHFyc3R1dnd4eXp7fH1-f4CBgoOEhYaHiImKi4yNjpA" - }, - { - "name": "k2.public-fail-1", - "expect-fail": true, - "comment": "Implementations MUST NOT accept a PASERK of the wrong version.", - "key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaTgTt53ph3p5GHgwoGW\nwz5hRfWXSQA08NCOwe0FEgALWos9GCjNFCd723nCHxBtN1qd74MSh/uN88JPIbwx\nKheDp4kxo4YMN5trPaF0e9G6Bj1N02HnanxFLW+gmLbgYO/SZYfWF/M8yLBcu5Y1\nOt0ZxDDDXS9wIQTtBE0ne3YbxgZJAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAA\npVRuUI2Sd6L1E2vl9bSBumZ5IpNxkRnAwIMjeTJB/0AIELh0mE5vwdihOCbdV6al\nUyhKC1+1w/FW6HWcp/JG1kKC8DPIidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8\nowIDAQAB\n-----END PUBLIC KEY-----", - "paserk": null - } - ] -} \ No newline at end of file diff --git a/tests/test-vectors/k2.seal.json b/tests/test-vectors/k2.seal.json deleted file mode 100644 index 861dabe..0000000 --- a/tests/test-vectors/k2.seal.json +++ /dev/null @@ -1,39 +0,0 @@ -{ - "name": "PASERK k2.seal Test Vectors", - "tests": [ - { - "name": "k2.seal-1", - "expect-fail": false, - "sealing-secret-key": "407796f4bc4b8184e9fe0c54b336822d34823092ad873d87ba14c3efb9db8c1db7715bd661458d928654d3e832f53ff5c9480542e0e3d4c9b032c768c7ce6023", - "sealing-public-key": "b7715bd661458d928654d3e832f53ff5c9480542e0e3d4c9b032c768c7ce6023", - "unsealed": "0000000000000000000000000000000000000000000000000000000000000000", - "paserk": "k2.seal.10ES-djeXd_5XMrznfTJGDf1zJKWQ0pjvcGyb--vQf-ApdP6zthkiyIX5lR3zfpVzVuZJ4WwWIIXuCtqiTFpeEQmrTch_G91TvQfxOLU2nEBW9_4VeIiFHrQuwL3IdxB" - }, - { - "name": "k2.seal-2", - "expect-fail": false, - "sealing-secret-key": "a770cf90f55d8a6dec51190eb640cb25ce31f7e5eb87a00ca9859022e6da9518a0fbc3dc2f99a538b40fb7616a83cf4276b6cf223fff5a2c2d3236235eb87dc7", - "sealing-public-key": "a0fbc3dc2f99a538b40fb7616a83cf4276b6cf223fff5a2c2d3236235eb87dc7", - "unsealed": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - "paserk": "k2.seal.rJZgCJrVrUFRPehByeSoO1wAUxG072_yZcyHKARrNU_ShbDBbW6xKtQl7se_PZZ9z1z484vcWmp0iTWGcVplCj2oZClme5JBCQeYSqc2lDev3xTFgOiRxX71gnnxSBkO" - }, - { - "name": "k2.seal-fail-1", - "expect-fail": true, - "comment": "Invalid authentication tag on sealed key.", - "sealing-secret-key": "a770cf90f55d8a6dec51190eb640cb25ce31f7e5eb87a00ca9859022e6da9518a0fbc3dc2f99a538b40fb7616a83cf4276b6cf223fff5a2c2d3236235eb87dc7", - "sealing-public-key": "a0fbc3dc2f99a538b40fb7616a83cf4276b6cf223fff5a2c2d3236235eb87dc7", - "unsealed": null, - "paserk": "k2.seal.rJZgCJrVrUFRPehByeSoO1wAUxG072_yZcyHKARrNU_ShbDBbW6xKtQl7se_PZZ9z1z484vcWmp0iTWGcVplCj2oZClme5JBCQeYSqc2lDev3xTFgOiRxX71gnnxTClP" - }, - { - "name": "k2.seal-fail-2", - "expect-fail": true, - "comment": "Implementations MUST NOT accept a PASERK of the wrong version.", - "sealing-secret-key": "a770cf90f55d8a6dec51190eb640cb25ce31f7e5eb87a00ca9859022e6da9518a0fbc3dc2f99a538b40fb7616a83cf4276b6cf223fff5a2c2d3236235eb87dc7", - "sealing-public-key": "a0fbc3dc2f99a538b40fb7616a83cf4276b6cf223fff5a2c2d3236235eb87dc7", - "unsealed": null, - "paserk": "k1.seal.QmXSEH_ei6jX3xvcZ5_l4k53mBTgJSRHWS07MB56tX0hBUqKE-ur-SdjRn68DF_j9BbUSif5kqAn4h7ozfW1IRr4tp26_gVdSN9wUcCMVFpc7kF_unOd8dJlqKuxAxy8pfVRtN5no12JKogWU9EBE1y8iv6k1CDetlU8htQsBhvpcNigBhFooNt8J2UZrNppDSlzO-bqJcz7gPFpqdp31wwCi9PIoaUG52GHTRrm600p6FftQ9V2XdnA5gL0TZQhRG3EstYR9s6p-Irrs7BcqH5QpC0ZRLcnsJHMkSvX79g7fkiJeEHbLRTjE0xUT8sUk6fxgSNJws8XDsBU-4p74OKW3GyZmtbxwhHN6hO4OJHRtV3MoLRJMDUVYCVfDVkEMYXd9kOq9_rRgeP_cCnHhbLncIpEUUfvLB_8OAesU6h88ulKDdsyIs2a7HCrvjfKwni4iz8yAabUf7JTzieoX9zRsYe52i6vmujSgiuiwKS_EbdPTKNiPu308QHfu_bubXYkRXmU6ieziqU1f4FAklxGNK9sZpK_uEYIUrhiT6uqIJmkMU410XFnVwkebd6OGXFoGvvIyaq0iPaF---fHXyCnmI9fyjV0kHy57I18pbDY-ujMUCnjZ-yYYmk2DyhYPURq50yNVptIjx7B8mU660KPWkACO1NUQhIdACDkHseNb7mER71l64A0Hmu9PZB4VHBH4NBhtdvll2vIVcLPk-BdDa1PziJy6QZweIel-IufvLl1awLu67d2D8DJw25NAPuCsdrfZMMqhe02nAmGg" - } - ] -} \ No newline at end of file diff --git a/tests/test-vectors/k2.secret-pw.json b/tests/test-vectors/k2.secret-pw.json deleted file mode 100644 index 122b0b8..0000000 --- a/tests/test-vectors/k2.secret-pw.json +++ /dev/null @@ -1,48 +0,0 @@ -{ - "name": "PASERK k2.secret-pw Test Vectors", - "tests": [ - { - "name": "k2.secret-pw-1", - "expect-fail": false, - "unwrapped": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f1ce56a48c82ff99162a14bc544612674e5d61fb9317e65d4055780fdbcb4dc35", - "password": "correct horse battery staple", - "options": {"memlimit": 67108864, "opslimit": 2}, - "paserk": "k2.secret-pw.I12G0tFFDNu0JAek-KoMfwAAAAAEAAAAAAAAAgAAAAFK3OSPOU7FnOKbFounUz_76j5x5BkywhAxBHrsPqHHxeEYUscYFad-pxZE_A_a3RPJgniCTgwWY7Tf6GTWIghxT9NDg5EYldkQHgJjU7nxavbUOPzcn25E4u4ocpSsrVuzfimCSkxuBNAhdeNkokvQxu-9GKY6pEI" - }, - { - "name": "k2.secret-pw-2", - "expect-fail": false, - "unwrapped": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f1ce56a48c82ff99162a14bc544612674e5d61fb9317e65d4055780fdbcb4dc35", - "password": "correct horse battery staple", - "options": {"memlimit": 268435456, "opslimit": 3}, - "paserk": "k2.secret-pw.LIQIbVTVcP2TVLfagckhYwAAAAAQAAAAAAAAAwAAAAHrQbamWckckJkh0vvEqrUr5GiesF3hIJapT2aXKEWM_oXyyYbwWwMccN2rfTvYiGcngmMuiyTPM8u6tdcEx1gojM_Z00OSokVMGK-8tEN6RfUk8q0HfzCOfXf0nC-1tNoyzuxeVII8ryAwdPYDw119HfjnqVzEphc" - }, - { - "name": "k2.secret-pw-fail-1", - "expect-fail": true, - "comment": "Incorrect password", - "unwrapped": null, - "password": "correct horse battery staplf", - "options": {"memlimit": 268435456, "opslimit": 3}, - "paserk": "k2.secret-pw.LIQIbVTVcP2TVLfagckhYwAAAAAQAAAAAAAAAwAAAAHrQbamWckckJkh0vvEqrUr5GiesF3hIJapT2aXKEWM_oXyyYbwWwMccN2rfTvYiGcngmMuiyTPM8u6tdcEx1gojM_Z00OSokVMGK-8tEN6RfUk8q0HfzCOfXf0nC-1tNoyzuxeVII8ryAwdPYDw119HfjnqVzEphc" - }, - { - "name": "k2.secret-pw-fail-2", - "expect-fail": true, - "comment": "Incorrect authentication tag on ciphertext", - "unwrapped": null, - "password": "correct horse battery staple", - "options": {"memlimit": 268435456, "opslimit": 3}, - "paserk": "k2.secret-pw.LIQIbVTVcP2TVLfagckhYwAAAAAQAAAAAAAAAwAAAAHrQbamWclckJkh0vvEqrUr5GiesF3hIJapT2aXKEWM_oXyyYbwWwMccN2rfTvYiGcngmMuiyTPM8u6tdcEx1gojM_Zx0OSokVM_K-8tEN6RfUk8q0HfzCOfXf0nC-2tNoyzuxeVII8ryAwdPYDw119HfjnqVzEqid" - }, - { - "name": "k2.secret-pw-fail-3", - "expect-fail": true, - "comment": "Implementations MUST NOT accept a PASERK of the wrong version.", - "unwrapped": null, - "password": "correct horse battery staple", - "options": {"iterations": 10000}, - "paserk": "k1.secret-pw.YUemu4kDAf6-sNoegWlslD7d000--NkLDMJSqRTE0_0AACcQyFhNMsNri6WHD1wamLu_KELW3Kl7g4kKK11qNGSarqwud1ju3WY1qNEWHY1lLz_voaOYkIAp6uC698KxH4XW17oDSAdIhXD_Th-PAL3pibjsFjOaxlwZZlTXQuQgDQzx-YFdo9tGQCIsizs09SqjtuRl4Fk-Cz0yPPeSZo3_Tbw7ipQMgsrSMg9EJ_f_I2QkMlMlA037-HS-b7peM0F2kr-KJkd092UZb7oUB3kKZ-mWHDdfDYPKrpzQifOdofWslOBDvkjcjYkH1g-uV3bjni_KWUeE94Ko8D0vzy7Ka6PFfY82FfgQdWimlLEBHQmPEl5hN0dry86OOJveSqIxt-z-9syq6_Bo7q7cHqaTbczUSkJbE0XnbnbvwkwllN9GNYDaVKZ_yk934Sor5ZVLxlatGDBb-DKKQXt6wIaI-8xGbzv1fbsHWgVo4eAkhTRItecVyTH3C2BT4MUNhEPerg_WCyKuS9HbVDkMEgAMDQQL-voFISjDRanD0uuGXd0ncPbg3XHBaBtPIav3fHPNOq1yXBE4rnNTl_XOFzWzBb_MH4OQlPC53oAJEqihlbSnJASfnEZxDAaLqY7An2I7NZBe9RKayAAhEWZVlBaefPH14INZl-ehnmL4eO-3nPAeSJrffATOmnNTTP2druAu1GcEk9b5T3BaU2qR2xsWjwHtIalDTYLd6cgHeiH1o9_CN4af-r6juxw1v4fNwQen5ezfwzS7J0C5AvBwEWZtFWzXjxZ6Q4hKUEVOV-bSxMk7-PIiiQoZvemF-QCWuZ_NssPavgOwSKjPQCvLMw41_kwTFOX3hMdW11kazHculvHpoAVfHkvdq6yL3xJX9fDmVGDn8iSJIdpZZ0KCh77F3Qd6vq0cRZr_v41QsPPQHZox6859iieIrFtB6kcw2dmxS3NSV_6cRfEAqeZU749SWsZMvyUIG1BD79RW6e0vAANAiEB1plKRDEDdB-D3AB6iUTPqo36KRKv1slSu3FS4ULfFm7pGCAZOBuBndUFtnhqv1RfIMcJXPNzCTSW2HPNDaryIIbd6TxUrzaxbtw8gqjx6jJqv3Lq7eoYTdUF_N4cEsoWJsr7_m426jxsKab4JwZn_1Jouah4HmsmciwWV-V8xqia6wkiC3jQ_hLZvM72p6WTsGMw99la-P7Pria2_GGPeGQ7Q1CV8uUn4ZW82AEhHPbBTAuFtkuSQSMZ4uX7IPC37Hhy8GKvQHqOQopJVgh5TG1RjpevN1KPINvQwcQSdeCowc2vZTJY21fz126UFRara8O-5FMvkFBPWuymbJQdyjTzP22Hz4XyykTPHZMEXZbziyQcOnwGtfF_JFAhVsTgZX6pEDcuFrZykeZ0JkDwkwt0P6kB4iy2ywfGzbMF0Jy-lpTaYHPWT_D8G3QkvnNl0meGx4lasAMThGOylVyyzUomvCB_wMbVbx75A0dO3-3465L5Mihe5MtoPLQ_vJGFo8OJKB02-p0P16L7__axV8_1Vn1e16XKFy4ZUeFFBEuECX1C87zNU-L9CZTjB6dByTHl4xwPLkh_M16BaHAQeaFOji91WzOhDnViFPYSapfLomP-Sr-S-dVgsARqGyDdbZqzNIbnD8tf0ZXps4BMVEDsYTPBH-C1HrulW1BxDBDOuAVD7wJDIyxW8FDrDAIIyoncn0UF8IW5HdkQMF8hphunPE39iZBIBDjIqT58SjYs_AYbqBeUrP8iFgFXoB04yFw7QLYs2H9YIFbqDR6lfBxhZOHjgX68seyPpBWTLi-y9tSjPCbQfqNloLxy4Q2TpMqS7Ximm7HzsQ5zValjGAJ7T7tIsNiz1zeE__nbKDD5sC7ZndwESnmgEy7hOYaNeu-8oxu1w42rJ6Xedt7aOAn3eI1mKcayRxo9K6LxH1mrS_7pCi1UB5R_YseHzarzOIimhN9T50Ndo1axFt5FAoZE_mT5NI2qBpKXADc1bIt4hiARe9be9gD6zYwCHj13Kq1D78TN6W7TPXXqCkcJ5ROCc81B1BAW5w4GjEgq13LqsfBngK-bgpk36ANVN9b1aGdgwh2Il4yOJJqmK3H7birJVTAaO8voHTg0xiD_LYF-gtX4JK87ZInWfeJeUivSsE4y-O3KIS8QWvPZ7FJwI8tQ35IBKvRCKFG4QKHLvwrjS9g81hE2cgTbK-LQ1emr5qbr6_x7wGqdqQa2IHHcyEu8QMSUKkmE21znCMvQU1LZmYjoG-cD2h3DvBsjPFviXmG_KwKJ_2qzZ8xckUeUhw1JVIDYXr5t4eNt3gk2bYWBHa9JSZgN4zr71ooHJwdild6mQGW2qpg" - } - ] -} \ No newline at end of file diff --git a/tests/test-vectors/k2.secret-wrap.pie.json b/tests/test-vectors/k2.secret-wrap.pie.json deleted file mode 100644 index edfcaaa..0000000 --- a/tests/test-vectors/k2.secret-wrap.pie.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "name": "PASERK k2.secret-wrap.pie Test Vectors", - "tests": [ - { - "name": "k2.secret-wrap.pie-1", - "expect-fail": false, - "unwrapped": "00000000000000000000000000000000000000000000000000000000000000003b6a27bcceb6a42d62a3a8d02a6f0d73653215771de243a63ac048a18b59da29", - "wrapping-key":"707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "paserk": "k2.secret-wrap.pie.7POlSwAxJP-yZYTi1oIsPC9kI34Ui3oiP0c_mgvZYuZKSbXHRD3g64yyzkDjDysonw-X3_TGKXksOAFhB5VF-tIru8xS8jy9c6xdFaYq459hXBmXLONWJSmtavF-VyXhQeffX0igJRZzxBOelMM9wvHlTKNHiJbEYWGAQRCWsIg" - }, - { - "name": "k2.secret-wrap.pie-2", - "expect-fail": false, - "unwrapped": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f1ce56a48c82ff99162a14bc544612674e5d61fb9317e65d4055780fdbcb4dc35", - "wrapping-key": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - "paserk": "k2.secret-wrap.pie.MMdHghvp1yDr2nqeFmrrlsiZC9O4MMfobSKML62CTzofArLMxqRNUA7ONGlUea5IwMFc6G7Nka2PqrBDaXW1yREpuyFcmfgdTmTIwWGHb-SgrgHe5RDg221beOvbo2hxTzjBnXay_hfPsJPA97PPWdYH_9vAa06piaEux94TUoc" - }, - { - "name": "k2.secret-wrap.pie-fail-1", - "expect-fail": true, - "comment": "Invalid authentication tag on ciphertext", - "unwrapped": null, - "wrapping-key": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - "paserk": "k2.secret-wrap.pie.MMdHghvp1yDr2nqeFmrrlsiZC9O4MMfobSKML62CTzofArLMxqRNUA7ONGlUea5IwMFc6G7Nka2PqrBDaXW1yREpuyFcmfgdTmTIwWGHb-SgrgHe5RDg221beOvbo2hxTzjBnXay_hfPsJPA97PPWdYH_9vAa06piaEux95TUqd" - }, - { - "name": "k2.secret-wrap.pie-fail-2", - "expect-fail": true, - "comment": "Implementations MUST NOT accept a PASERK of the wrong version.", - "unwrapped": null, - "wrapping-key": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - "paserk": "k1.secret-wrap.pie.6xorqK8MPVRVFSQYBY1QLfKSbR7Ovm835aCiuUzgQJZvbNUHD9v1eqwoamR6iTbvxNm8amFY-JN3OZZPaSHdzOjJ2-Q00p5oEAGFxDTpUHKNoiuHBBnqSyxJrrbyEMbIuyKXlbkoe9b5UNtBkrtCGTyNYEN4E9neZ5bx3tT_JzhZea7weCvUqEpfaxEzNG4ahtcRxL4WmFiyY2WEKkjrxQkCuog6D_7Oo_3UcB6vguNvBgfHwhb0ABOBjAY0YyFUNmXai9CGT42bL_AHLvgcyUtJ6WT-yxQ6iWVDzdtEAngkMKOwM-6nwDH12Agke-YZVyON_GzAezycdk_Ck1DsEec3X6tK9AtK0-zdFE7yxAqn5qIlm-FzUycg36JgwoxD1u1TfXXj0q1uolLBM26P9WFW1wIIeVLjLKcGBH6jdBCqguAOqI9AcwjmvuS6krx4ZUfYH6wEHDzDQlyf-zy8ox0enZMFSWxIkV7ROhxf89eSaC1JSZLvpnS1-otru_9mRyBwxZs9ro2xez7zcfcPDmu_LoqPJ7pqH-9MaUV_KBOPkGGn3uXOC5StW5kuVr_VRBTNpSGCdUi7z2DPsD5Svvcr5t2P5xh8nDeTP7C0aD_L6zNO3tQXpxWnG2adynm3SCfMIkQu3GbvYy8B2uBInxDvwmljQOSHoH4kS5D5K1BCCv6Wf7NgePiiPLN6cr3JRdvbzE6OU3y6BAcFBP9NoUivbl5NSBkLWgrwV6vNtZJl3P1vngqa3A38wqc1hGfWBJvRYwJ9HDcL8IYFoCKRSq-e824jhQE5wogpgmHYucVKlBoOJNZA2YxfHuCfF3ak644Ok2Tyab5tvYVrWkZZA70k87Hom9F-5Olf5fp2Kw4oCdJh6re3SZOG-aUq8jMknMafoinIyHCe-wp6JWOlPZfUYaWNFFxXGTi7sx58UI5QN4nUNbe-Zq4ky21QGHXXcTQvNENr1nnECdR2Q8FYtitBKXoxNStWqT-vtgFgUNSiRnr1yL8Nqt_X-kWPuN9sY42JbfPfDuIJPpL35ZTHlZDZpZamDj-h6WRFJW7gd3MlJ6KFSOw3JAuuDvoPRe0_LaWQF2yDiI2YIPl05zWZREluEyTS2Xkh6JZ6Zb5ioZ_rXE5yP0jFS8ImPNKAHg9hlhtAc97hc23T5DxIOQeMojg2mSUPMESg5p4Ctdm0LAHxy1h-ithNe6_nLZPmbtj0Hq1cU9QQyNGWkLDFQNeN2k1-cPF4EeSSJGo__lD-75VqQTSTf35p4QQd1nndsdFVpyTI1VzS2RaxVCvNotVUw8_AICYz08CkUJqP-EAVkpYKbCTAAS_gpT-3glOtBBoTq9gTq1fg-_u3arB4NmxAD-0X21XVHsfUkoJz-K2RZmBfQCzCqmLTqnzPL14omLgdtlr5BVyo_u6Uyk2vxCfFTrjkuDVh3twbM2PLYj7yUah6D_t5nViy85RLLprjcUkXaddfuQwj2AAAqI_r4_IpieRZOiVB7YKDGhxraQg18Jo1XJdV3lO8ADGtHM59x-CeaNTsYpk_S10adTtaqcbQb95kYRfNIxnQrbacLtEePRHVpng4hVF0FZtZAqjT8DroaozBIQEoqivAXryMTgGBLWhpBQa3ssnDY90-Wh20yS-7Do7YmYewRPGb22eSKHL45Y2NHriqYr_nAo6o-km0ZN6FfGBbCuE" - } - ] -} \ No newline at end of file diff --git a/tests/test-vectors/k2.secret.json b/tests/test-vectors/k2.secret.json deleted file mode 100644 index de81461..0000000 --- a/tests/test-vectors/k2.secret.json +++ /dev/null @@ -1,46 +0,0 @@ -{ - "name": "PASERK k2.secret Test Vectors", - "tests": [ - { - "name": "k2.secret-1", - "expect-fail": false, - "key": "00000000000000000000000000000000000000000000000000000000000000003b6a27bcceb6a42d62a3a8d02a6f0d73653215771de243a63ac048a18b59da29", - "secret-key-seed": "0000000000000000000000000000000000000000000000000000000000000000", - "public-key": "3b6a27bcceb6a42d62a3a8d02a6f0d73653215771de243a63ac048a18b59da29", - "paserk": "k2.secret.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7aie8zrakLWKjqNAqbw1zZTIVdx3iQ6Y6wEihi1naKQ" - }, - { - "name": "k2.secret-2", - "expect-fail": false, - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f1ce56a48c82ff99162a14bc544612674e5d61fb9317e65d4055780fdbcb4dc35", - "secret-key-seed": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "public-key": "1ce56a48c82ff99162a14bc544612674e5d61fb9317e65d4055780fdbcb4dc35", - "paserk": "k2.secret.cHFyc3R1dnd4eXp7fH1-f4CBgoOEhYaHiImKi4yNjo8c5WpIyC_5kWKhS8VEYSZ05dYfuTF-ZdQFV4D9vLTcNQ" - }, - { - "name": "k2.secret-3", - "expect-fail": false, - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e9060fe37571a5d6e7d30b15154ce4a9fb92c70c870848f4ccdf1626588097f73f7", - "secret-key-seed": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e90", - "public-key": "60fe37571a5d6e7d30b15154ce4a9fb92c70c870848f4ccdf1626588097f73f7", - "paserk": "k2.secret.cHFyc3R1dnd4eXp7fH1-f4CBgoOEhYaHiImKi4yNjpBg_jdXGl1ufTCxUVTOSp-5LHDIcISPTM3xYmWICX9z9w" - }, - { - "name": "k2.secret-fail-1", - "expect-fail": true, - "comment": "Short keys must be rejected", - "key": "7172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e9060fe37571a5d6e7d30b15154ce4a9fb92c70c870848f4ccdf1626588097f73", - "secret-key-seed": "7172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e90", - "public-key": "60fe37571a5d6e7d30b15154ce4a9fb92c70c870848f4ccdf1626588097f73f7", - "paserk": null - }, - { - "name": "k2.secret-fail-2", - "expect-fail": true, - "comment": "Implementations MUST NOT accept a PASERK of the wrong version.", - "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAyaTgTt53ph3p5GHgwoGWwz5hRfWXSQA08NCOwe0FEgALWos9\nGCjNFCd723nCHxBtN1qd74MSh/uN88JPIbwxKheDp4kxo4YMN5trPaF0e9G6Bj1N\n02HnanxFLW+gmLbgYO/SZYfWF/M8yLBcu5Y1Ot0ZxDDDXS9wIQTtBE0ne3YbxgZJ\nAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAApVRuUI2Sd6L1E2vl9bSBumZ5IpNx\nkRnAwIMjeTJB/0AIELh0mE5vwdihOCbdV6alUyhKC1+1w/FW6HWcp/JG1kKC8DPI\nidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8owIDAQABAoIBAF22jLDa34yKdns3\nqfd7to+C3D5hRzAcMn6Azvf9qc+VybEI6RnjTHxDZWK5EajSP4/sQ15e8ivUk0Jo\nWdJ53feL+hnQvwsab28gghSghrxM2kGwGA1XgO+SVawqJt8SjvE+Q+//01ZKK0Oy\nA0cDJjX3L9RoPUN/moMeAPFw0hqkFEhm72GSVCEY1eY+cOXmL3icxnsnlUD//SS9\nq33RxF2y5oiW1edqcRqhW/7L1yYMbxHFUcxWh8WUwjn1AAhoCOUzF8ZB+0X/PPh+\n1nYoq6xwqL0ZKDwrQ8SDhW/rNDLeO9gic5rl7EetRQRbFvsZ40AdsX2wU+lWFUkB\n42AjuoECgYEA5z/CXqDFfZ8MXCPAOeui8y5HNDtu30aR+HOXsBDnRI8huXsGND04\nFfmXR7nkghr08fFVDmE4PeKUk810YJb+IAJo8wrOZ0682n6yEMO58omqKin+iIUV\nrPXLSLo5CChrqw2J4vgzolzPw3N5I8FJdLomb9FkrV84H+IviPIylyECgYEA3znw\nAG29QX6ATEfFpGVOcogorHCntd4niaWCq5ne5sFL+EwLeVc1zD9yj1axcDelICDZ\nxCZynU7kDnrQcFkT0bjH/gC8Jk3v7XT9l1UDDqC1b7rm/X5wFIZ/rmNa1rVZhL1o\n/tKx5tvM2syJ1q95v7NdygFIEIW+qbIKbc6Wz0MCgYBsUZdQD+qx/xAhELX364I2\nepTryHMUrs+tGygQVrqdiJX5dcDgM1TUJkdQV6jLsKjPs4Vt6OgZRMrnuLMsk02R\n3M8gGQ25ok4f4nyyEZxGGWnVujn55KzUiYWhGWmhgp18UCkoYa59/Q9ss+gocV9h\nB9j9Q43vD80QUjiF4z0DQQKBgC7XQX1VibkMim93QAnXGDcAS0ij+w02qKVBjcHk\nb9mMBhz8GAxGOIu7ZJafYmxhwMyVGB0I1FQeEczYCJUKnBYN6Clsjg6bnBT/z5bJ\nx/Jx1qCzX3Uh6vLjpjc5sf4L39Tyye1u2NXQmZPwB5x9BdcsFConSq/s4K1LJtUT\n3KFxAoGBANGcQ8nObi3m4wROyKrkCWcWxFFMnpwxv0pW727Hn9wuaOs4UbesCnwm\npcMTfzGUDuzYXCtAq2pJl64HG6wsdkWmjBTJEpm6b9ibOBN3qFV2zQ0HyyKlMWxI\nuVSj9gOo61hF7UH9XB6R4HRdlpBOuIbgAWZ46dkj9/HM9ovdP0Iy\n-----END RSA PRIVATE KEY-----", - "public-key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaTgTt53ph3p5GHgwoGW\nwz5hRfWXSQA08NCOwe0FEgALWos9GCjNFCd723nCHxBtN1qd74MSh/uN88JPIbwx\nKheDp4kxo4YMN5trPaF0e9G6Bj1N02HnanxFLW+gmLbgYO/SZYfWF/M8yLBcu5Y1\nOt0ZxDDDXS9wIQTtBE0ne3YbxgZJAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAA\npVRuUI2Sd6L1E2vl9bSBumZ5IpNxkRnAwIMjeTJB/0AIELh0mE5vwdihOCbdV6al\nUyhKC1+1w/FW6HWcp/JG1kKC8DPIidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8\nowIDAQAB\n-----END PUBLIC KEY-----", - "paserk": null - } - ] -} \ No newline at end of file diff --git a/tests/test-vectors/k2.sid.json b/tests/test-vectors/k2.sid.json deleted file mode 100644 index 6697718..0000000 --- a/tests/test-vectors/k2.sid.json +++ /dev/null @@ -1,33 +0,0 @@ -{ - "name": "PASERK k2.sid Test Vectors", - "tests": [ - { - "name": "k2.sid-1", - "expect-fail": false, - "key": "00000000000000000000000000000000000000000000000000000000000000003b6a27bcceb6a42d62a3a8d02a6f0d73653215771de243a63ac048a18b59da29", - "seed": "0000000000000000000000000000000000000000000000000000000000000000", - "paserk": "k2.sid.72HIqql6GuWauqz7l11ZvNufO04l7Lwk1X_uPpbsx9E8" - }, - { - "name": "k2.sid-2", - "expect-fail": false, - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f1ce56a48c82ff99162a14bc544612674e5d61fb9317e65d4055780fdbcb4dc35", - "seed": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f", - "paserk": "k2.sid.9wfgiRJhydmagHQ9kKOOxQm3OXRTCPxkelCzxw1sJRkV" - }, - { - "name": "k2.sid-3", - "expect-fail": false, - "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e9060fe37571a5d6e7d30b15154ce4a9fb92c70c870848f4ccdf1626588097f73f7", - "seed": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e90", - "paserk": "k2.sid.t22mHkArR7jNtHWm6VzMQ6nMPP3Ab0AyX3rymFdIVG0T" - }, - { - "name": "k2.sid-fail-1", - "expect-fail": true, - "comment": "Implementations MUST NOT accept a PASERK of the wrong version.", - "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAyaTgTt53ph3p5GHgwoGWwz5hRfWXSQA08NCOwe0FEgALWos9\nGCjNFCd723nCHxBtN1qd74MSh/uN88JPIbwxKheDp4kxo4YMN5trPaF0e9G6Bj1N\n02HnanxFLW+gmLbgYO/SZYfWF/M8yLBcu5Y1Ot0ZxDDDXS9wIQTtBE0ne3YbxgZJ\nAZTU5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAApVRuUI2Sd6L1E2vl9bSBumZ5IpNx\nkRnAwIMjeTJB/0AIELh0mE5vwdihOCbdV6alUyhKC1+1w/FW6HWcp/JG1kKC8DPI\nidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8owIDAQABAoIBAF22jLDa34yKdns3\nqfd7to+C3D5hRzAcMn6Azvf9qc+VybEI6RnjTHxDZWK5EajSP4/sQ15e8ivUk0Jo\nWdJ53feL+hnQvwsab28gghSghrxM2kGwGA1XgO+SVawqJt8SjvE+Q+//01ZKK0Oy\nA0cDJjX3L9RoPUN/moMeAPFw0hqkFEhm72GSVCEY1eY+cOXmL3icxnsnlUD//SS9\nq33RxF2y5oiW1edqcRqhW/7L1yYMbxHFUcxWh8WUwjn1AAhoCOUzF8ZB+0X/PPh+\n1nYoq6xwqL0ZKDwrQ8SDhW/rNDLeO9gic5rl7EetRQRbFvsZ40AdsX2wU+lWFUkB\n42AjuoECgYEA5z/CXqDFfZ8MXCPAOeui8y5HNDtu30aR+HOXsBDnRI8huXsGND04\nFfmXR7nkghr08fFVDmE4PeKUk810YJb+IAJo8wrOZ0682n6yEMO58omqKin+iIUV\nrPXLSLo5CChrqw2J4vgzolzPw3N5I8FJdLomb9FkrV84H+IviPIylyECgYEA3znw\nAG29QX6ATEfFpGVOcogorHCntd4niaWCq5ne5sFL+EwLeVc1zD9yj1axcDelICDZ\nxCZynU7kDnrQcFkT0bjH/gC8Jk3v7XT9l1UDDqC1b7rm/X5wFIZ/rmNa1rVZhL1o\n/tKx5tvM2syJ1q95v7NdygFIEIW+qbIKbc6Wz0MCgYBsUZdQD+qx/xAhELX364I2\nepTryHMUrs+tGygQVrqdiJX5dcDgM1TUJkdQV6jLsKjPs4Vt6OgZRMrnuLMsk02R\n3M8gGQ25ok4f4nyyEZxGGWnVujn55KzUiYWhGWmhgp18UCkoYa59/Q9ss+gocV9h\nB9j9Q43vD80QUjiF4z0DQQKBgC7XQX1VibkMim93QAnXGDcAS0ij+w02qKVBjcHk\nb9mMBhz8GAxGOIu7ZJafYmxhwMyVGB0I1FQeEczYCJUKnBYN6Clsjg6bnBT/z5bJ\nx/Jx1qCzX3Uh6vLjpjc5sf4L39Tyye1u2NXQmZPwB5x9BdcsFConSq/s4K1LJtUT\n3KFxAoGBANGcQ8nObi3m4wROyKrkCWcWxFFMnpwxv0pW727Hn9wuaOs4UbesCnwm\npcMTfzGUDuzYXCtAq2pJl64HG6wsdkWmjBTJEpm6b9ibOBN3qFV2zQ0HyyKlMWxI\nuVSj9gOo61hF7UH9XB6R4HRdlpBOuIbgAWZ46dkj9/HM9ovdP0Iy\n-----END RSA PRIVATE KEY-----", - "paserk": null - } - ] -} \ No newline at end of file From 94a38893794cdfeb6c2eb0c6bb8e632062d8559a Mon Sep 17 00:00:00 2001 From: Paragon Initiative Enterprises Date: Fri, 3 Jun 2022 04:23:44 -0400 Subject: [PATCH 3/7] Remove older PHP versions --- .github/workflows/ci.yml | 27 +-------------------------- 1 file changed, 1 insertion(+), 26 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6f938aa..3e85fb2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,38 +3,13 @@ name: CI on: [push] jobs: - moderate: - name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }} - runs-on: ${{ matrix.operating-system }} - strategy: - matrix: - operating-system: ['ubuntu-latest'] - php-versions: ['7.1', '7.2', '7.3'] - phpunit-versions: ['latest'] - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Setup PHP - uses: shivammathur/setup-php@v2 - with: - php-version: ${{ matrix.php-versions }} - extensions: gmp, mbstring, intl, sodium - ini-values: max_execution_time=180 - - - name: Install dependencies - run: composer install - - - name: Test Suite - run: composer test - modern: name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }} runs-on: ${{ matrix.operating-system }} strategy: matrix: operating-system: ['ubuntu-latest'] - php-versions: ['7.4', '8.0', '8.1'] + php-versions: ['8.1'] phpunit-versions: ['latest'] steps: - name: Checkout From 8b1b0dd81ebd4f3700b3c2088ef1d257d3f680b4 Mon Sep 17 00:00:00 2001 From: Paragon Initiative Enterprises Date: Fri, 3 Jun 2022 13:38:37 -0400 Subject: [PATCH 4/7] Use property types --- src/ConstraintTrait.php | 6 +++--- src/Operations/PBKW.php | 1 - src/Operations/PKE.php | 31 +++++++++++++++---------------- tests/KAT/LocalPWTest.php | 2 ++ tests/KAT/LocalTest.php | 2 ++ tests/KAT/PidTest.php | 9 +++++++++ tests/KAT/PublicTest.php | 7 +++++++ tests/KAT/SecretTest.php | 6 ++++++ tests/KAT/SecretWrapPieTest.php | 2 +- tests/KAT/SidTest.php | 19 +++++++++++++++++++ tests/KnownAnswers.php | 4 ++-- tests/Operations/PBKWTest.php | 2 +- tests/Operations/PKETest.php | 2 +- tests/Operations/Wrap/PieTest.php | 4 ++-- tests/Operations/WrapTest.php | 4 ++-- tests/Types/LocalPWTest.php | 2 +- tests/Types/LocalTest.php | 11 +++++++++-- tests/Types/LocalWrapTest.php | 18 ++++++++++++++++-- tests/Types/PublicTest.php | 16 +++++++++++++--- tests/Types/SealTest.php | 4 +++- tests/Types/SecretPWTest.php | 2 +- tests/Types/SecretTest.php | 3 ++- tests/Types/SecretWrapTest.php | 8 +++++--- 23 files changed, 122 insertions(+), 43 deletions(-) diff --git a/src/ConstraintTrait.php b/src/ConstraintTrait.php index 2a69736..f0e8fae 100644 --- a/src/ConstraintTrait.php +++ b/src/ConstraintTrait.php @@ -8,15 +8,15 @@ trait ConstraintTrait { /** @var ?ProtocolCollection $collection */ - protected $collection; + protected ?ProtocolCollection $collection; /** * Specify the allowed protocols for this PASERK type. * * @param ProtocolCollection|null $collection - * @return self + * @return static */ - public function setProtocolsAllowed(?ProtocolCollection $collection = null): self + public function setProtocolsAllowed(?ProtocolCollection $collection = null): static { $this->collection = $collection; return $this; diff --git a/src/Operations/PBKW.php b/src/Operations/PBKW.php index d384efc..7d2bff6 100644 --- a/src/Operations/PBKW.php +++ b/src/Operations/PBKW.php @@ -28,7 +28,6 @@ class PBKW const DOMAIN_SEPARATION_ENCRYPT = "\xff"; const DOMAIN_SEPARATION_AUTH = "\xfe"; - /** @var PBKWInterface $wrapper */ protected PBKWInterface $wrapper; /** diff --git a/src/Operations/PKE.php b/src/Operations/PKE.php index d9026f2..ff5c73b 100644 --- a/src/Operations/PKE.php +++ b/src/Operations/PKE.php @@ -28,7 +28,6 @@ class PKE const DOMAIN_SEPARATION_ENCRYPT = "\x01"; const DOMAIN_SEPARATION_AUTH = "\x02"; - /** @var ProtocolInterface $version */ protected ProtocolInterface $version; public function __construct(ProtocolInterface $version) @@ -36,6 +35,21 @@ public function __construct(ProtocolInterface $version) $this->version = $version; } + /** + * @return PKEInterface + * @throws PaserkException + */ + public function getSealer(): PKEInterface + { + return match ($this->version::header()) { + 'v3' => new PKEv3(), + 'v4' => new PKEv4(), + default => throw new PaserkException( + 'Unknown version: ' . $this->version::header() + ), + }; + } + /** * @param SymmetricKey $ptk Symmetric key to seal with this public key * @param SealingPublicKey $pk Wrapping key @@ -57,21 +71,6 @@ public function seal(SymmetricKey $ptk, SealingPublicKey $pk): string return $sealer::header() . $sealer->seal($ptk, $pk); } - /** - * @return PKEInterface - * @throws PaserkException - */ - public function getSealer(): PKEInterface - { - return match ($this->version::header()) { - 'v3' => new PKEv3(), - 'v4' => new PKEv4(), - default => throw new PaserkException( - 'Unknown version: ' . $this->version::header() - ), - }; - } - /** * @param string $paserk * @param SealingSecretKey $sk Unwrapping key diff --git a/tests/KAT/LocalPWTest.php b/tests/KAT/LocalPWTest.php index 6971f14..be6c66f 100644 --- a/tests/KAT/LocalPWTest.php +++ b/tests/KAT/LocalPWTest.php @@ -7,6 +7,7 @@ use ParagonIE\Paserk\PaserkException; use ParagonIE\Paserk\Types\LocalPW; use ParagonIE\Paserk\Tests\KnownAnswers; +use ParagonIE\Paseto\Exception\InvalidVersionException; use ParagonIE\Paseto\Protocol\{ Version3, Version4 @@ -34,6 +35,7 @@ public function testV4() * @param string $name * @param array $tests * + * @throws InvalidVersionException * @throws PaserkException */ protected function genericTest(ProtocolInterface $version, string $name, array $tests): void diff --git a/tests/KAT/LocalTest.php b/tests/KAT/LocalTest.php index 2ea0ab3..022b481 100644 --- a/tests/KAT/LocalTest.php +++ b/tests/KAT/LocalTest.php @@ -6,6 +6,7 @@ use ParagonIE\Paserk\PaserkException; use ParagonIE\Paserk\Tests\KnownAnswers; use ParagonIE\Paserk\Types\Local; +use ParagonIE\Paseto\Exception\InvalidVersionException; use ParagonIE\Paseto\Keys\SymmetricKey; use ParagonIE\Paseto\ProtocolInterface; use ParagonIE\Paseto\Protocol\{ @@ -29,6 +30,7 @@ public function testV4() } /** + * @throws InvalidVersionException * @throws PaserkException */ protected function genericTest(ProtocolInterface $version, string $name, array $tests): void diff --git a/tests/KAT/PidTest.php b/tests/KAT/PidTest.php index c7412e7..c793242 100644 --- a/tests/KAT/PidTest.php +++ b/tests/KAT/PidTest.php @@ -10,6 +10,7 @@ use ParagonIE\Paseto\Exception\PasetoException; use ParagonIE\Paseto\Keys\AsymmetricPublicKey; use ParagonIE\Paseto\ProtocolInterface; +use SodiumException; use ParagonIE\Paseto\Protocol\{ Version3, Version4 @@ -38,6 +39,14 @@ protected function getPublicKey(ProtocolInterface $version, string $key): Asymme return new AsymmetricPublicKey(Hex::decode($key), $version); } + /** + * @param ProtocolInterface $version + * @param string $name + * @param array $tests + * + * @throws PaserkException + * @throws SodiumException + */ protected function genericTest(ProtocolInterface $version, string $name, array $tests): void { foreach ($tests as $test) { diff --git a/tests/KAT/PublicTest.php b/tests/KAT/PublicTest.php index c361d6b..7b10a16 100644 --- a/tests/KAT/PublicTest.php +++ b/tests/KAT/PublicTest.php @@ -31,6 +31,13 @@ public function testV4() $this->doJsonTest(new Version4(), 'k4.public.json'); } + /** + * @param ProtocolInterface $version + * @param string $key + * @return AsymmetricPublicKey + * + * @throws Exception + */ protected function getPublicKey(ProtocolInterface $version, string $key): AsymmetricPublicKey { return new AsymmetricPublicKey(Hex::decode($key), $version); diff --git a/tests/KAT/SecretTest.php b/tests/KAT/SecretTest.php index 8da2248..24cc208 100644 --- a/tests/KAT/SecretTest.php +++ b/tests/KAT/SecretTest.php @@ -31,6 +31,12 @@ public function testV4() $this->doJsonTest(new Version4(), 'k4.secret.json'); } + /** + * @param ProtocolInterface $version + * @param string $key + * @return AsymmetricSecretKey + * @throws Exception + */ protected function getSecretKey(ProtocolInterface $version, string $key): AsymmetricSecretKey { return new AsymmetricSecretKey(Hex::decode($key), $version); diff --git a/tests/KAT/SecretWrapPieTest.php b/tests/KAT/SecretWrapPieTest.php index 1c0adbf..de2357f 100644 --- a/tests/KAT/SecretWrapPieTest.php +++ b/tests/KAT/SecretWrapPieTest.php @@ -6,8 +6,8 @@ use ParagonIE\Paserk\Operations\Wrap; use ParagonIE\Paserk\Operations\Wrap\Pie; use ParagonIE\Paserk\PaserkException; -use ParagonIE\Paserk\Types\SecretWrap; use ParagonIE\Paserk\Tests\KnownAnswers; +use ParagonIE\Paserk\Types\SecretWrap; use ParagonIE\Paseto\Keys\SymmetricKey; use ParagonIE\Paseto\Protocol\{ Version3, diff --git a/tests/KAT/SidTest.php b/tests/KAT/SidTest.php index 9b032e5..032b2f7 100644 --- a/tests/KAT/SidTest.php +++ b/tests/KAT/SidTest.php @@ -2,14 +2,17 @@ declare(strict_types=1); namespace ParagonIE\Paserk\Tests\KAT; +use Exception; use FG\ASN1\Exception\ParserException; use ParagonIE\ConstantTime\Hex; use ParagonIE\Paserk\PaserkException; use ParagonIE\Paserk\Tests\KnownAnswers; use ParagonIE\Paserk\Types\Sid; +use ParagonIE\Paseto\Exception\InvalidVersionException; use ParagonIE\Paseto\Exception\PasetoException; use ParagonIE\Paseto\Keys\AsymmetricSecretKey; use ParagonIE\Paseto\ProtocolInterface; +use SodiumException; use ParagonIE\Paseto\Protocol\{ Version3, Version4 @@ -30,11 +33,27 @@ public function testV4() $this->doJsonTest(new Version4(), 'k4.sid.json'); } + /** + * @param ProtocolInterface $version + * @param string $key + * @return AsymmetricSecretKey + * + * @throws Exception + */ protected function getSecretKey(ProtocolInterface $version, string $key): AsymmetricSecretKey { return new AsymmetricSecretKey(Hex::decode($key), $version); } + /** + * @param ProtocolInterface $version + * @param string $name + * @param array $tests + * + * @throws PaserkException + * @throws InvalidVersionException + * @throws SodiumException + */ protected function genericTest(ProtocolInterface $version, string $name, array $tests): void { foreach ($tests as $test) { diff --git a/tests/KnownAnswers.php b/tests/KnownAnswers.php index 1e02f97..4c908ad 100644 --- a/tests/KnownAnswers.php +++ b/tests/KnownAnswers.php @@ -13,10 +13,10 @@ abstract class KnownAnswers extends TestCase { /** @var string $dir */ - protected $dir; + protected string $dir; /** @var ProtocolInterface[] $versions */ - protected $versions; + protected array $versions; public function setUp(): void { diff --git a/tests/Operations/PBKWTest.php b/tests/Operations/PBKWTest.php index b7646dd..d9f2a4b 100644 --- a/tests/Operations/PBKWTest.php +++ b/tests/Operations/PBKWTest.php @@ -23,7 +23,7 @@ class PBKWTest extends TestCase { /** @var ProtocolInterface[] */ - protected $versions = []; + protected array $versions = []; public function setUp(): void { diff --git a/tests/Operations/PKETest.php b/tests/Operations/PKETest.php index 47acbed..3c9177c 100644 --- a/tests/Operations/PKETest.php +++ b/tests/Operations/PKETest.php @@ -22,7 +22,7 @@ class PKETest extends TestCase { /** @var ProtocolInterface[] */ - protected $versions = []; + protected array $versions = []; public function setUp(): void { diff --git a/tests/Operations/Wrap/PieTest.php b/tests/Operations/Wrap/PieTest.php index c031022..0f1574f 100644 --- a/tests/Operations/Wrap/PieTest.php +++ b/tests/Operations/Wrap/PieTest.php @@ -18,8 +18,8 @@ */ class PieTest extends TestCase { - protected $v3 = []; - protected $v4 = []; + protected array $v3 = []; + protected array $v4 = []; public function setUp(): void { diff --git a/tests/Operations/WrapTest.php b/tests/Operations/WrapTest.php index 7f55ac0..c6916a8 100644 --- a/tests/Operations/WrapTest.php +++ b/tests/Operations/WrapTest.php @@ -19,8 +19,8 @@ */ class WrapTest extends TestCase { - protected $v3 = []; - protected $v4 = []; + protected array $v3 = []; + protected array $v4 = []; public function setUp(): void { diff --git a/tests/Types/LocalPWTest.php b/tests/Types/LocalPWTest.php index c485c64..c3fa68e 100644 --- a/tests/Types/LocalPWTest.php +++ b/tests/Types/LocalPWTest.php @@ -21,7 +21,7 @@ class LocalPWTest extends TestCase { /** @var ProtocolInterface[] */ - protected $versions = []; + protected array $versions = []; public function setUp(): void { diff --git a/tests/Types/LocalTest.php b/tests/Types/LocalTest.php index b5b8a98..ba7b601 100644 --- a/tests/Types/LocalTest.php +++ b/tests/Types/LocalTest.php @@ -5,6 +5,8 @@ use ParagonIE\Paserk\PaserkException; use ParagonIE\Paserk\Types\Local; use ParagonIE\Paserk\Types\PublicType; +use ParagonIE\Paseto\Exception\InvalidVersionException; +use ParagonIE\Paseto\Exception\PasetoException; use ParagonIE\Paseto\Keys\AsymmetricSecretKey; use ParagonIE\Paseto\Keys\SymmetricKey; use ParagonIE\Paseto\Protocol\{ @@ -21,8 +23,8 @@ */ class LocalTest extends TestCase { - protected $v3key; - protected $v4key; + protected SymmetricKey $v3key; + protected SymmetricKey $v4key; public function setUp(): void { @@ -32,6 +34,7 @@ public function setUp(): void /** * @throws PaserkException + * @throws InvalidVersionException */ public function testEncode() { @@ -48,6 +51,10 @@ public function testEncode() } } + /** + * @throws PaserkException + * @throws PasetoException + */ public function testRejectPublic() { $keypair = AsymmetricSecretKey::generate(new Version4()); diff --git a/tests/Types/LocalWrapTest.php b/tests/Types/LocalWrapTest.php index 09ca1a0..1aabca7 100644 --- a/tests/Types/LocalWrapTest.php +++ b/tests/Types/LocalWrapTest.php @@ -2,14 +2,20 @@ declare(strict_types=1); namespace ParagonIE\Paserk\Tests\Types; -use ParagonIE\Paserk\Types\Lid; -use ParagonIE\Paserk\Types\LocalWrap; +use Exception; +use ParagonIE\Paserk\{ + PaserkException, + Types\Lid, + Types\LocalWrap +}; +use ParagonIE\Paseto\Exception\InvalidVersionException; use ParagonIE\Paseto\Keys\SymmetricKey; use ParagonIE\Paseto\Protocol\{ Version3, Version4 }; use PHPUnit\Framework\TestCase; +use SodiumException; /** * Class LocalWrapTest @@ -22,12 +28,20 @@ class LocalWrapTest extends TestCase protected SymmetricKey $v3key; protected SymmetricKey $v4key; + /** + * @throws Exception + */ public function setUp(): void { $this->v3key = SymmetricKey::generate(new Version3()); $this->v4key = SymmetricKey::generate(new Version4()); } + /** + * @throws PaserkException + * @throws InvalidVersionException + * @throws SodiumException + */ public function testWrap() { /** @var SymmetricKey $key */ diff --git a/tests/Types/PublicTest.php b/tests/Types/PublicTest.php index 44933de..9c9703c 100644 --- a/tests/Types/PublicTest.php +++ b/tests/Types/PublicTest.php @@ -2,12 +2,13 @@ declare(strict_types=1); namespace ParagonIE\Paserk\Tests\Types; +use Exception; use ParagonIE\Paserk\PaserkException; +use ParagonIE\Paseto\Exception\InvalidVersionException; +use ParagonIE\Paseto\Exception\PasetoException; use ParagonIE\Paseto\Keys\AsymmetricPublicKey; use ParagonIE\Paseto\Keys\AsymmetricSecretKey; use ParagonIE\Paseto\Protocol\{ - Version1, - Version2, Version3, Version4 }; @@ -28,7 +29,7 @@ class PublicTest extends TestCase protected AsymmetricSecretKey $v4sk; /** - * @throws \Exception + * @throws Exception */ public function setUp(): void { @@ -38,6 +39,11 @@ public function setUp(): void $this->v4pk = $this->v4sk->getPublicKey(); } + /** + * @throws InvalidVersionException + * @throws PaserkException + * @throws PasetoException + */ public function testEncodeDecode() { /** @var AsymmetricPublicKey $key */ @@ -53,6 +59,10 @@ public function testEncodeDecode() } } + /** + * @throws PaserkException + * @throws PasetoException + */ public function testRejectSecret() { $public = new PublicType(); diff --git a/tests/Types/SealTest.php b/tests/Types/SealTest.php index e4029cf..631e902 100644 --- a/tests/Types/SealTest.php +++ b/tests/Types/SealTest.php @@ -12,6 +12,7 @@ Lid, Seal }; +use ParagonIE\Paseto\Exception\InvalidVersionException; use ParagonIE\Paseto\Keys\SymmetricKey; use ParagonIE\Paseto\Protocol\{ Version3, @@ -30,7 +31,7 @@ class SealTest extends TestCase { /** @var ProtocolInterface[] */ - protected $versions = []; + protected array $versions = []; public function setUp(): void { @@ -44,6 +45,7 @@ public function setUp(): void * @throws NotImplementedException * @throws PaserkException * @throws SodiumException + * @throws InvalidVersionException */ public function testSeal() { diff --git a/tests/Types/SecretPWTest.php b/tests/Types/SecretPWTest.php index 71a73b2..6d56eb3 100644 --- a/tests/Types/SecretPWTest.php +++ b/tests/Types/SecretPWTest.php @@ -21,7 +21,7 @@ class SecretPWTest extends TestCase { /** @var ProtocolInterface[] */ - protected $versions = []; + protected array $versions = []; public function setUp(): void { diff --git a/tests/Types/SecretTest.php b/tests/Types/SecretTest.php index 14ba21f..595a1dd 100644 --- a/tests/Types/SecretTest.php +++ b/tests/Types/SecretTest.php @@ -12,6 +12,7 @@ }; use PHPUnit\Framework\TestCase; use ParagonIE\Paserk\Types\SecretType; +use Exception; /** * Class PublicTest @@ -27,7 +28,7 @@ class SecretTest extends TestCase protected AsymmetricSecretKey $v4sk; /** - * @throws \Exception + * @throws Exception */ public function setUp(): void { diff --git a/tests/Types/SecretWrapTest.php b/tests/Types/SecretWrapTest.php index 29e952c..e863ac9 100644 --- a/tests/Types/SecretWrapTest.php +++ b/tests/Types/SecretWrapTest.php @@ -4,9 +4,11 @@ use ParagonIE\Paserk\Types\SecretWrap; use ParagonIE\Paserk\Types\Sid; -use ParagonIE\Paseto\Keys\AsymmetricPublicKey; -use ParagonIE\Paseto\Keys\AsymmetricSecretKey; -use ParagonIE\Paseto\Keys\SymmetricKey; +use ParagonIE\Paseto\Keys\{ + AsymmetricPublicKey, + AsymmetricSecretKey, + SymmetricKey +}; use ParagonIE\Paseto\Protocol\{ Version3, Version4 From 92aacbaff3398dffb0bed5e2fa300419e21dc1de Mon Sep 17 00:00:00 2001 From: Paragon Initiative Enterprises Date: Fri, 3 Jun 2022 13:39:23 -0400 Subject: [PATCH 5/7] Initialize to null --- src/ConstraintTrait.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ConstraintTrait.php b/src/ConstraintTrait.php index f0e8fae..eb51b9c 100644 --- a/src/ConstraintTrait.php +++ b/src/ConstraintTrait.php @@ -8,7 +8,7 @@ trait ConstraintTrait { /** @var ?ProtocolCollection $collection */ - protected ?ProtocolCollection $collection; + protected ?ProtocolCollection $collection = null; /** * Specify the allowed protocols for this PASERK type. From 5dd7f440d0e9d0d745e3ad523bda5195c4888750 Mon Sep 17 00:00:00 2001 From: Paragon Initiative Enterprises Date: Fri, 3 Jun 2022 13:42:17 -0400 Subject: [PATCH 6/7] Update README.md --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/README.md b/README.md index 803c97c..dc41135 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,17 @@ The PASERK Specification can be found [in this repository](https://github.com/pa composer require paragonie/paserk ``` +### PASERK Library Versions + +* PASERK PHP Version 2 + * Requires PHP 8.1+ + * PASETO versions: `v3`, `v4` + * This means only the corresponding `k3` and `k4` modes are implemented. +* [PASERK PHP Version 1](https://github.com/paragonie/paserk-php/tree/v1.x) + * Requires PHP 7.1+ + * PASETO versions: `v1`, `v2`, `v3`, `v4` + * This provides a stable reference implementation for the PASERK specification. + ## Documentation See [this directory](docs) for the documentation. From 87960f4849c02de1de2bb993608159e21012567f Mon Sep 17 00:00:00 2001 From: Paragon Initiative Enterprises Date: Fri, 3 Jun 2022 13:55:11 -0400 Subject: [PATCH 7/7] Boyscouting --- src/Operations/PBKW.php | 5 +++-- src/Operations/PBKW/PBKWv3.php | 3 ++- src/Operations/PKE/PKEv4.php | 9 +++++++-- src/Types/Lid.php | 2 ++ src/Types/Local.php | 3 ++- src/Types/LocalPW.php | 12 ++++++++---- src/Types/LocalWrap.php | 7 ++++--- src/Types/Pid.php | 7 +++++-- src/Types/PublicType.php | 1 + src/Types/Seal.php | 6 +++--- src/Types/SecretPW.php | 10 ++++++---- src/Types/SecretType.php | 2 +- src/Types/SecretWrap.php | 4 ++-- src/Util.php | 1 + tests/KAT/LocalPWTest.php | 3 ++- tests/KAT/LocalWrapPieTest.php | 3 ++- tests/KAT/PidTest.php | 6 ++++-- tests/KAT/PublicTest.php | 5 +++-- tests/KAT/SealTest.php | 3 ++- tests/KAT/SecretPWTest.php | 3 ++- tests/KAT/SecretTest.php | 5 +++-- tests/KAT/SecretWrapPieTest.php | 3 ++- tests/KAT/SidTest.php | 3 ++- tests/KnownAnswers.php | 3 ++- tests/Operations/Wrap/PieTest.php | 2 +- tests/Types/SecretWrapTest.php | 3 ++- 26 files changed, 74 insertions(+), 40 deletions(-) diff --git a/src/Operations/PBKW.php b/src/Operations/PBKW.php index 7d2bff6..845b0e2 100644 --- a/src/Operations/PBKW.php +++ b/src/Operations/PBKW.php @@ -13,6 +13,7 @@ SymmetricKey }; use ParagonIE\Paseto\ProtocolInterface; +use TypeError; use function array_pop, explode, @@ -99,7 +100,7 @@ public function localPwUnwrap( $password ); if (!($unwrapped instanceof SymmetricKey)) { - throw new \TypeError(); + throw new TypeError(); } return $unwrapped; } @@ -148,7 +149,7 @@ public function secretPwUnwrap( $password ); if (!($unwrapped instanceof AsymmetricSecretKey)) { - throw new \TypeError(); + throw new TypeError(); } return $unwrapped; } diff --git a/src/Operations/PBKW/PBKWv3.php b/src/Operations/PBKW/PBKWv3.php index 07650ba..8e327a9 100644 --- a/src/Operations/PBKW/PBKWv3.php +++ b/src/Operations/PBKW/PBKWv3.php @@ -144,7 +144,8 @@ public function wrapWithPassword( * @param string $wrapped * @param HiddenString $password * @return KeyInterface - * @throws \Exception + * + * @throws Exception */ public function unwrapWithPassword( string $header, diff --git a/src/Operations/PKE/PKEv4.php b/src/Operations/PKE/PKEv4.php index 47e173c..77e4eeb 100644 --- a/src/Operations/PKE/PKEv4.php +++ b/src/Operations/PKE/PKEv4.php @@ -6,6 +6,7 @@ Base64UrlSafe, Binary }; +use Exception; use ParagonIE\Paserk\Operations\Key\{ SealingPublicKey, SealingSecretKey @@ -134,8 +135,12 @@ public function unseal(string $header, string $encoded, SealingSecretKey $sk): S $this->assertKeyVersion($sk); // Step 2: - $xsk = sodium_crypto_sign_ed25519_sk_to_curve25519($sk->raw()); - $xpk = sodium_crypto_sign_ed25519_pk_to_curve25519($sk->getPublicKey()->raw()); + try { + $xsk = sodium_crypto_sign_ed25519_sk_to_curve25519($sk->raw()); + $xpk = sodium_crypto_sign_ed25519_pk_to_curve25519($sk->getPublicKey()->raw()); + } catch (Exception $ex) { + throw new PaserkException("Cryptographic error", 0, $ex); + } // Step 3: $xk = sodium_crypto_scalarmult($xsk, $eph_pk); diff --git a/src/Types/Lid.php b/src/Types/Lid.php index 26995aa..2710e52 100644 --- a/src/Types/Lid.php +++ b/src/Types/Lid.php @@ -8,6 +8,7 @@ IdInterface, PaserkException }; +use ParagonIE\Paseto\Exception\InvalidVersionException; use ParagonIE\Paseto\Keys\SymmetricKey; use SodiumException; @@ -23,6 +24,7 @@ class Lid implements IdInterface * @param SymmetricKey $key * @return string * + * @throws InvalidVersionException * @throws PaserkException * @throws SodiumException */ diff --git a/src/Types/Local.php b/src/Types/Local.php index 367aaa1..306ce96 100644 --- a/src/Types/Local.php +++ b/src/Types/Local.php @@ -19,6 +19,7 @@ ProtocolCollection, ProtocolInterface }; +use SodiumException; use function count, explode, @@ -108,7 +109,7 @@ public static function getTypeLabel(): string * @param KeyInterface $key * @return string * @throws PaserkException - * @throws \SodiumException + * @throws SodiumException */ public function id(KeyInterface $key): string { diff --git a/src/Types/LocalPW.php b/src/Types/LocalPW.php index f0f2782..73c0247 100644 --- a/src/Types/LocalPW.php +++ b/src/Types/LocalPW.php @@ -17,6 +17,7 @@ ProtocolCollection, ProtocolInterface }; +use SodiumException; use function array_key_exists, explode; @@ -30,13 +31,13 @@ class LocalPW implements PaserkTypeInterface use ConstraintTrait; /** @var array */ - protected $localCache = []; + protected array $localCache = []; /** @var array $options */ - protected $options; + protected array $options; /** @var HiddenString $password */ - protected $password; + protected HiddenString $password; /** * LocalPW constructor. @@ -79,6 +80,8 @@ public function decode(string $paserk): KeyInterface /** * @param KeyInterface $key * @return string + * + * @throws InvalidVersionException * @throws PaserkException */ public function encode(KeyInterface $key): string @@ -111,8 +114,9 @@ public static function getTypeLabel(): string * @param KeyInterface $key * @return string * + * @throws InvalidVersionException * @throws PaserkException - * @throws \SodiumException + * @throws SodiumException */ public function id(KeyInterface $key): string { diff --git a/src/Types/LocalWrap.php b/src/Types/LocalWrap.php index 2d24646..a7b9e6e 100644 --- a/src/Types/LocalWrap.php +++ b/src/Types/LocalWrap.php @@ -17,6 +17,7 @@ Keys\SymmetricKey, ProtocolCollection }; +use SodiumException; use function array_key_exists; /** @@ -28,10 +29,10 @@ class LocalWrap implements PaserkTypeInterface use ConstraintTrait; /** @var array */ - protected $localCache = []; + protected array $localCache = []; /** @var Wrap $wrap */ - protected $wrap; + protected Wrap $wrap; /** * LocalWrap constructor. @@ -103,7 +104,7 @@ public static function getTypeLabel(): string * * @throws InvalidVersionException * @throws PaserkException - * @throws \SodiumException + * @throws SodiumException */ public function id(KeyInterface $key): string { diff --git a/src/Types/Pid.php b/src/Types/Pid.php index def3b21..91e2dd2 100644 --- a/src/Types/Pid.php +++ b/src/Types/Pid.php @@ -8,6 +8,8 @@ IdInterface, PaserkException }; +use ParagonIE\Paseto\Exception\InvalidVersionException; +use ParagonIE\Paseto\Exception\PasetoException; use ParagonIE\Paseto\Keys\AsymmetricPublicKey; use SodiumException; @@ -22,6 +24,7 @@ class Pid implements IdInterface /** * @param AsymmetricPublicKey $pk * @return string + * * @throws PaserkException * @throws SodiumException */ @@ -30,8 +33,8 @@ public static function encodePublic(AsymmetricPublicKey $pk): string try { $version = $pk->getProtocol(); return self::encode($version, (new PublicType($version))->encode($pk)); - } catch (ParserException $ex) { - throw new PaserkException("Invalid public key"); + } catch (InvalidVersionException|ParserException|PasetoException|PaserkException $ex) { + throw new PaserkException("Invalid public key", 0, $ex); } } diff --git a/src/Types/PublicType.php b/src/Types/PublicType.php index aacaa37..af6ce7d 100644 --- a/src/Types/PublicType.php +++ b/src/Types/PublicType.php @@ -108,6 +108,7 @@ public static function getTypeLabel(): string * @return string * * @throws PaserkException + * @throws PasetoException * @throws SodiumException */ public function id(KeyInterface $key): string diff --git a/src/Types/Seal.php b/src/Types/Seal.php index 2ff08a0..1e20cc0 100644 --- a/src/Types/Seal.php +++ b/src/Types/Seal.php @@ -32,13 +32,13 @@ class Seal implements PaserkTypeInterface use ConstraintTrait; /** @var SealingPublicKey $pk */ - protected $pk; + protected SealingPublicKey $pk; /** @var SealingSecretKey|null $sk */ - protected $sk = null; + protected ?SealingSecretKey $sk = null; /** @var array */ - protected $localCache = []; + protected array $localCache = []; /** * Seal constructor. diff --git a/src/Types/SecretPW.php b/src/Types/SecretPW.php index 8f198ad..eab2e6c 100644 --- a/src/Types/SecretPW.php +++ b/src/Types/SecretPW.php @@ -17,6 +17,7 @@ ProtocolCollection, ProtocolInterface }; +use SodiumException; use function array_key_exists, explode; @@ -30,13 +31,13 @@ class SecretPW implements PaserkTypeInterface use ConstraintTrait; /** @var array */ - protected $localCache = []; + protected array $localCache = []; /** @var array $options */ - protected $options; + protected array $options = []; /** @var HiddenString $password */ - protected $password; + protected HiddenString $password; /** * SecretPW constructor. @@ -121,8 +122,9 @@ public static function getTypeLabel(): string * @param KeyInterface $key * @return string * + * @throws InvalidVersionException * @throws PaserkException - * @throws \SodiumException + * @throws SodiumException */ public function id(KeyInterface $key): string { diff --git a/src/Types/SecretType.php b/src/Types/SecretType.php index a747481..79ef3fc 100644 --- a/src/Types/SecretType.php +++ b/src/Types/SecretType.php @@ -150,6 +150,6 @@ private function throwIfWrongKeyLength(ProtocolInterface $protocol, int $length) } break; } - throw new PaserkException("Invalid secret key length: {$length}"); + throw new PaserkException("Invalid secret key length: $length"); } } diff --git a/src/Types/SecretWrap.php b/src/Types/SecretWrap.php index 8cf194d..f5c2a31 100644 --- a/src/Types/SecretWrap.php +++ b/src/Types/SecretWrap.php @@ -26,10 +26,10 @@ class SecretWrap implements PaserkTypeInterface use ConstraintTrait; /** @var array */ - protected $localCache = []; + protected array $localCache = []; /** @var Wrap $wrap */ - protected $wrap; + protected Wrap $wrap; /** * SecretWrap constructor. diff --git a/src/Util.php b/src/Util.php index 94207e6..0dc1b33 100644 --- a/src/Util.php +++ b/src/Util.php @@ -69,6 +69,7 @@ public static function wipe(string &$byref): void } catch (SodiumException $ex) { $byref ^= $byref; unset($byref); + unset($ex); // We know what this is } } } diff --git a/tests/KAT/LocalPWTest.php b/tests/KAT/LocalPWTest.php index be6c66f..c99f46c 100644 --- a/tests/KAT/LocalPWTest.php +++ b/tests/KAT/LocalPWTest.php @@ -13,6 +13,7 @@ Version4 }; use ParagonIE\Paseto\ProtocolInterface; +use Throwable; /** * @covers LocalPW @@ -49,7 +50,7 @@ protected function genericTest(ProtocolInterface $version, string $name, array $ if ($test['expect-fail']) { try { $wrapper->decode($test['paserk']); - } catch (\Throwable $exception) { + } catch (Throwable $exception) { continue; } $this->fail($name . ' > ' . $test['name'] . ': '. $test['comment']); diff --git a/tests/KAT/LocalWrapPieTest.php b/tests/KAT/LocalWrapPieTest.php index f9399e3..ca6a705 100644 --- a/tests/KAT/LocalWrapPieTest.php +++ b/tests/KAT/LocalWrapPieTest.php @@ -14,6 +14,7 @@ Version4 }; use ParagonIE\Paseto\ProtocolInterface; +use Throwable; /** * @covers LocalWrap @@ -45,7 +46,7 @@ protected function genericTest(ProtocolInterface $version, string $name, array $ if ($test['expect-fail']) { try { $wrapper->decode($test['paserk']); - } catch (\Throwable $exception) { + } catch (Throwable $exception) { continue; } $this->fail($name . ' > ' . $test['name'] . ': '. $test['comment']); diff --git a/tests/KAT/PidTest.php b/tests/KAT/PidTest.php index c793242..65a7e44 100644 --- a/tests/KAT/PidTest.php +++ b/tests/KAT/PidTest.php @@ -2,6 +2,7 @@ declare(strict_types=1); namespace ParagonIE\Paserk\Tests\KAT; +use Exception; use FG\ASN1\Exception\ParserException; use ParagonIE\ConstantTime\Hex; use ParagonIE\Paserk\PaserkException; @@ -10,6 +11,7 @@ use ParagonIE\Paseto\Exception\PasetoException; use ParagonIE\Paseto\Keys\AsymmetricPublicKey; use ParagonIE\Paseto\ProtocolInterface; +use RangeException; use SodiumException; use ParagonIE\Paseto\Protocol\{ Version3, @@ -32,7 +34,7 @@ public function testV4() } /** - * @throws \Exception + * @throws Exception */ protected function getPublicKey(ProtocolInterface $version, string $key): AsymmetricPublicKey { @@ -55,7 +57,7 @@ protected function genericTest(ProtocolInterface $version, string $name, array $ $publickey = $this->getPublicKey($version, $test['key']); Pid::encodePublic($publickey); $this->fail($test['name'] . ': '. $test['comment']); - } catch (ParserException | \RangeException | PasetoException | PaserkException $ex) { + } catch (ParserException | RangeException | PasetoException | PaserkException $ex) { } continue; } diff --git a/tests/KAT/PublicTest.php b/tests/KAT/PublicTest.php index 7b10a16..afee46b 100644 --- a/tests/KAT/PublicTest.php +++ b/tests/KAT/PublicTest.php @@ -11,6 +11,7 @@ use ParagonIE\Paseto\Exception\PasetoException; use ParagonIE\Paseto\Keys\AsymmetricPublicKey; use ParagonIE\Paseto\ProtocolInterface; +use RangeException; use ParagonIE\Paseto\Protocol\{ Version3, Version4 @@ -56,7 +57,7 @@ protected function genericTest(ProtocolInterface $version, string $name, array $ try { $public->decode($test['paserk']); $this->fail($test['name'] . ': ' . $test['comment']); - } catch (ParserException | \RangeException | PasetoException | PaserkException $ex) { + } catch (ParserException | RangeException | PasetoException | PaserkException $ex) { } continue; } @@ -65,7 +66,7 @@ protected function genericTest(ProtocolInterface $version, string $name, array $ $publickey = $this->getPublicKey($version, $test['key']); $public->encode($publickey); $this->fail($test['name'] . ': '. $test['comment']); - } catch (ParserException | \RangeException | PasetoException | PaserkException $ex) { + } catch (ParserException | RangeException | PasetoException | PaserkException $ex) { } continue; } diff --git a/tests/KAT/SealTest.php b/tests/KAT/SealTest.php index b57e0a0..8b3a4bc 100644 --- a/tests/KAT/SealTest.php +++ b/tests/KAT/SealTest.php @@ -11,6 +11,7 @@ SealingSecretKey, SealingPublicKey }; +use Throwable; use ParagonIE\Paseto\Protocol\{ Version3, Version4 @@ -50,7 +51,7 @@ protected function genericTest(ProtocolInterface $version, string $name, array $ if ($test['expect-fail']) { try { $processor->decode($test['paserk']); - } catch (\Throwable $exception) { + } catch (Throwable $exception) { continue; } $this->fail($name . ' > ' . $test['name'] . ': '. $test['comment']); diff --git a/tests/KAT/SecretPWTest.php b/tests/KAT/SecretPWTest.php index cf6b1bb..b49df12 100644 --- a/tests/KAT/SecretPWTest.php +++ b/tests/KAT/SecretPWTest.php @@ -7,6 +7,7 @@ use ParagonIE\HiddenString\HiddenString; use ParagonIE\Paserk\Types\SecretPW; use ParagonIE\Paserk\Tests\KnownAnswers; +use Throwable; use ParagonIE\Paseto\Protocol\{ Version3, Version4 @@ -46,7 +47,7 @@ protected function genericTest(ProtocolInterface $version, string $name, array $ if ($test['expect-fail']) { try { $wrapper->decode($test['paserk']); - } catch (\Throwable $exception) { + } catch (Throwable $exception) { continue; } $this->fail($name . ' > ' . $test['name'] . ': '. $test['comment']); diff --git a/tests/KAT/SecretTest.php b/tests/KAT/SecretTest.php index 24cc208..dcac518 100644 --- a/tests/KAT/SecretTest.php +++ b/tests/KAT/SecretTest.php @@ -11,6 +11,7 @@ use ParagonIE\Paseto\Exception\PasetoException; use ParagonIE\Paseto\Keys\AsymmetricSecretKey; use ParagonIE\Paseto\ProtocolInterface; +use RangeException; use ParagonIE\Paseto\Protocol\{ Version3, Version4 @@ -56,7 +57,7 @@ protected function genericTest(ProtocolInterface $version, string $name, array $ try { $secret->decode($test['paserk']); $this->fail($test['name'] . ': ' . $test['comment']); - } catch (ParserException | \RangeException | PasetoException | PaserkException $ex) { + } catch (ParserException | RangeException | PasetoException | PaserkException $ex) { } continue; } @@ -65,7 +66,7 @@ protected function genericTest(ProtocolInterface $version, string $name, array $ $secretkey = $this->getSecretKey($version, $test['key']); $secret->encode($secretkey); $this->fail($test['name'] . ': '. $test['comment']); - } catch (ParserException | \RangeException | PasetoException | PaserkException $ex) { + } catch (ParserException | RangeException | PasetoException | PaserkException $ex) { } continue; } diff --git a/tests/KAT/SecretWrapPieTest.php b/tests/KAT/SecretWrapPieTest.php index de2357f..54e93b6 100644 --- a/tests/KAT/SecretWrapPieTest.php +++ b/tests/KAT/SecretWrapPieTest.php @@ -9,6 +9,7 @@ use ParagonIE\Paserk\Tests\KnownAnswers; use ParagonIE\Paserk\Types\SecretWrap; use ParagonIE\Paseto\Keys\SymmetricKey; +use Throwable; use ParagonIE\Paseto\Protocol\{ Version3, Version4 @@ -45,7 +46,7 @@ protected function genericTest(ProtocolInterface $version, string $name, array $ if ($test['expect-fail']) { try { $wrapper->decode($test['paserk']); - } catch (\Throwable $exception) { + } catch (Throwable $exception) { continue; } $this->fail($name . ' > ' . $test['name'] . ': '. $test['comment']); diff --git a/tests/KAT/SidTest.php b/tests/KAT/SidTest.php index 032b2f7..33b59ed 100644 --- a/tests/KAT/SidTest.php +++ b/tests/KAT/SidTest.php @@ -12,6 +12,7 @@ use ParagonIE\Paseto\Exception\PasetoException; use ParagonIE\Paseto\Keys\AsymmetricSecretKey; use ParagonIE\Paseto\ProtocolInterface; +use RangeException; use SodiumException; use ParagonIE\Paseto\Protocol\{ Version3, @@ -62,7 +63,7 @@ protected function genericTest(ProtocolInterface $version, string $name, array $ $secretkey = $this->getSecretKey($version, $test['key']); Sid::encodeSecret($secretkey); $this->fail($test['name'] . ': '. $test['comment']); - } catch (ParserException | \RangeException | PasetoException | PaserkException $ex) { + } catch (ParserException | RangeException | PasetoException | PaserkException $ex) { } continue; } diff --git a/tests/KnownAnswers.php b/tests/KnownAnswers.php index 4c908ad..c04e71b 100644 --- a/tests/KnownAnswers.php +++ b/tests/KnownAnswers.php @@ -9,6 +9,7 @@ Version3, Version4 }; +use Exception; abstract class KnownAnswers extends TestCase { @@ -70,7 +71,7 @@ protected function getProtocol(string $test): ProtocolInterface return match ($header) { 'v3', 'k3' => new Version3(), 'v4', 'k4' => new Version4(), - default => throw new \Exception("Unknown protocol: {$test}"), + default => throw new Exception("Unknown protocol: $test"), }; } } diff --git a/tests/Operations/Wrap/PieTest.php b/tests/Operations/Wrap/PieTest.php index 0f1574f..1103b45 100644 --- a/tests/Operations/Wrap/PieTest.php +++ b/tests/Operations/Wrap/PieTest.php @@ -1,9 +1,9 @@