diff options
| author | Dr. David von Oheimb <dev@ddvo.net> | 2023-08-29 11:09:05 +0200 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2023-09-05 13:25:41 +0200 |
| commit | e664ef78b92532bf94c7976b181d88c4abf83074 (patch) | |
| tree | 9eec333d5581407a7bf666a607b00e5463de048c | |
| parent | 72a0688552176b658943972b282f2716dff614a0 (diff) | |
CMP: generalize ossl_cmp_calc_protection() to handle Edwards curves correctly
Fixes #21564
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21884)
| -rw-r--r-- | crypto/cmp/cmp_protect.c | 36 | ||||
| -rw-r--r-- | crypto/crmf/crmf_lib.c | 5 | ||||
| -rw-r--r-- | doc/internal/man3/ossl_cmp_msg_protect.pod | 3 | ||||
| -rw-r--r-- | test/cmp_protect_test.c | 130 | ||||
| -rw-r--r-- | test/recipes/65-test_cmp_protect.t | 6 | ||||
| -rw-r--r-- | test/recipes/65-test_cmp_protect_data/GENM_protected_Ed.der | bin | 0 -> 232 bytes | |||
| -rw-r--r-- | test/recipes/65-test_cmp_protect_data/IR_protected.der | bin | 968 -> 970 bytes | |||
| -rw-r--r-- | test/recipes/65-test_cmp_protect_data/prot_Ed.pem | 3 | ||||
| -rw-r--r-- | test/recipes/65-test_cmp_protect_data/prot_RSA.pem | 27 |
9 files changed, 128 insertions, 82 deletions
diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c index 3d633bef79..c48a47660e 100644 --- a/crypto/cmp/cmp_protect.c +++ b/crypto/cmp/cmp_protect.c @@ -22,9 +22,11 @@ /* * This function is also used by the internal verify_PBMAC() in cmp_vfy.c. * - * Calculate protection for given PKImessage according to - * the algorithm and parameters in the message header's protectionAlg + * Calculate protection for |msg| according to |msg->header->protectionAlg| * using the credentials, library context, and property criteria in the ctx. + * Unless |msg->header->protectionAlg| is PasswordBasedMAC, + * its value is completed according to |ctx->pkey| and |ctx->digest|, + * where the latter irrelevant in the case of Edwards curves. * * returns ASN1_BIT_STRING representing the protection on success, else NULL */ @@ -104,23 +106,22 @@ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx, OPENSSL_free(prot_part_der); return prot; } else { - int md_nid; - const EVP_MD *md = NULL; + const EVP_MD *md = ctx->digest; + char name[80] = ""; if (ctx->pkey == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION); return NULL; } - if (!OBJ_find_sigid_algs(OBJ_obj2nid(algorOID), &md_nid, NULL) - || (md = EVP_get_digestbynid(md_nid)) == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_UNKNOWN_ALGORITHM_ID); - return NULL; - } + if (EVP_PKEY_get_default_digest_name(ctx->pkey, name, sizeof(name)) > 0 + && strcmp(name, "UNDEF") == 0) /* at least for Ed25519, Ed448 */ + md = NULL; if ((prot = ASN1_BIT_STRING_new()) == NULL) return NULL; - if (ASN1_item_sign_ex(ASN1_ITEM_rptr(OSSL_CMP_PROTECTEDPART), NULL, + if (ASN1_item_sign_ex(ASN1_ITEM_rptr(OSSL_CMP_PROTECTEDPART), + msg->header->protectionAlg, /* sets X509_ALGOR */ NULL, prot, &prot_part, NULL, ctx->pkey, md, ctx->libctx, ctx->propq)) return prot; @@ -216,18 +217,6 @@ static X509_ALGOR *pbmac_algor(const OSSL_CMP_CTX *ctx) return alg; } -static X509_ALGOR *sig_algor(const OSSL_CMP_CTX *ctx) -{ - int nid = 0; - - if (!OBJ_find_sigid_by_algs(&nid, EVP_MD_get_type(ctx->digest), - EVP_PKEY_get_id(ctx->pkey))) { - ERR_raise(ERR_LIB_CMP, CMP_R_UNSUPPORTED_KEY_TYPE); - return 0; - } - return ossl_X509_ALGOR_from_nid(nid, V_ASN1_UNDEF, NULL); -} - static int set_senderKID(const OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg, const ASN1_OCTET_STRING *id) { @@ -275,7 +264,7 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) goto err; } - if ((msg->header->protectionAlg = sig_algor(ctx)) == NULL) + if ((msg->header->protectionAlg = X509_ALGOR_new()) == NULL) goto err; /* set senderKID to keyIdentifier of the cert according to 5.1.1 */ if (!set_senderKID(ctx, msg, X509_get0_subject_key_id(ctx->cert))) @@ -291,6 +280,7 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) goto err; } if (!ctx->unprotectedSend + /* protect according to msg->header->protectionAlg partly set above */ && ((msg->protection = ossl_cmp_calc_protection(ctx, msg)) == NULL)) goto err; diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index 12939b9920..6e9f3b7ca2 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -386,8 +386,9 @@ static int create_popo_signature(OSSL_CRMF_POPOSIGNINGKEY *ps, digest = NULL; return ASN1_item_sign_ex(ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST), - ps->algorithmIdentifier, NULL, ps->signature, cr, - NULL, pkey, digest, libctx, propq); + ps->algorithmIdentifier, /* sets this X509_ALGOR */ + NULL, ps->signature, /* sets the ASN1_BIT_STRING */ + cr, NULL, pkey, digest, libctx, propq); } int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm, diff --git a/doc/internal/man3/ossl_cmp_msg_protect.pod b/doc/internal/man3/ossl_cmp_msg_protect.pod index 04da21fd9f..2956b48ad8 100644 --- a/doc/internal/man3/ossl_cmp_msg_protect.pod +++ b/doc/internal/man3/ossl_cmp_msg_protect.pod @@ -21,6 +21,9 @@ ossl_cmp_msg_add_extraCerts ossl_cmp_calc_protection() calculates the protection for the given I<msg> according to the algorithm and parameters in the message header's protectionAlg using the credentials, library context, and property criteria in the I<ctx>. +Unless I<msg->header->protectionAlg> is B<PasswordBasedMAC>, +its value is completed according to I<ctx->pkey> and I<ctx->digest>, +where the latter irrelevant in the case of Edwards curves. ossl_cmp_msg_protect() (re-)protects the given message I<msg> using an algorithm depending on the available context information given in the I<ctx>. diff --git a/test/cmp_protect_test.c b/test/cmp_protect_test.c index b8a50d3157..8c6c9f29c2 100644 --- a/test/cmp_protect_test.c +++ b/test/cmp_protect_test.c @@ -12,6 +12,7 @@ #include "helpers/cmp_testlib.h" static const char *ir_protected_f; +static const char *genm_prot_Ed_f; static const char *ir_unprotected_f; static const char *ip_PBM_f; @@ -62,10 +63,13 @@ static CMP_PROTECT_TEST_FIXTURE *set_up(const char *const test_case_name) return fixture; } -static EVP_PKEY *loadedprivkey = NULL; -static EVP_PKEY *loadedpubkey = NULL; -static EVP_PKEY *loadedkey = NULL; -static X509 *cert = NULL; +static EVP_PKEY *prot_RSA_key = NULL; +#ifndef OPENSSL_NO_ECX +static EVP_PKEY *prot_Ed_key = NULL; +static OSSL_CMP_MSG *genm_protected_Ed; +#endif +static EVP_PKEY *server_key = NULL; +static X509 *server_cert = NULL; static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH]; static OSSL_CMP_MSG *ir_unprotected, *ir_protected; static X509 *endentity1 = NULL, *endentity2 = NULL, @@ -94,33 +98,20 @@ static int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE *fixture) } /* - * This function works similarly to parts of CMP_verify_signature in cmp_vfy.c, - * but without the need for an OSSL_CMP_CTX or a X509 certificate + * This function works similarly to parts of verify_signature in cmp_vfy.c, + * but without the need for an OSSL_CMP_CTX or an X509 certificate. */ static int verify_signature(OSSL_CMP_MSG *msg, ASN1_BIT_STRING *protection, EVP_PKEY *pkey, EVP_MD *digest) { OSSL_CMP_PROTECTEDPART prot_part; - unsigned char *prot_part_der = NULL; - int len; - EVP_MD_CTX *ctx = NULL; - int res; prot_part.header = OSSL_CMP_MSG_get0_header(msg); prot_part.body = msg->body; - len = i2d_OSSL_CMP_PROTECTEDPART(&prot_part, &prot_part_der); - res = - TEST_int_ge(len, 0) - && TEST_ptr(ctx = EVP_MD_CTX_new()) - && TEST_true(EVP_DigestVerifyInit(ctx, NULL, digest, NULL, pkey)) - && TEST_int_eq(EVP_DigestVerify(ctx, protection->data, - protection->length, - prot_part_der, len), 1); - /* cleanup */ - EVP_MD_CTX_free(ctx); - OPENSSL_free(prot_part_der); - return res; + return ASN1_item_verify_ex(ASN1_ITEM_rptr(OSSL_CMP_PROTECTEDPART), + msg->header->protectionAlg, protection, + &prot_part, NULL, pkey, libctx, NULL) > 0; } /* Calls OSSL_CMP_calc_protection and compares and verifies signature */ @@ -130,11 +121,9 @@ static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE * ASN1_BIT_STRING *protection = ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg); int ret = (TEST_ptr(protection) - && TEST_true(ASN1_STRING_cmp(protection, - fixture->msg->protection) == 0) - && TEST_true(verify_signature(fixture->msg, protection, - fixture->pubkey, - fixture->cmp_ctx->digest))); + && TEST_true(verify_signature(fixture->msg, protection, + fixture->pubkey, + fixture->cmp_ctx->digest))); ASN1_BIT_STRING_free(protection); return ret; @@ -157,9 +146,9 @@ static int test_cmp_calc_protection_no_key_no_secret(void) static int test_cmp_calc_protection_pkey(void) { SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); - fixture->pubkey = loadedpubkey; - if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedprivkey)) - || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))) { + fixture->pubkey = prot_RSA_key; + if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, prot_RSA_key)) + || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))) { tear_down(fixture); fixture = NULL; } @@ -167,6 +156,21 @@ static int test_cmp_calc_protection_pkey(void) return result; } +#ifndef OPENSSL_NO_ECX +static int test_cmp_calc_protection_pkey_Ed(void) +{ + SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); + fixture->pubkey = prot_Ed_key; + if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, prot_Ed_key)) + || !TEST_ptr(fixture->msg = load_pkimsg(genm_prot_Ed_f, libctx))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_calc_protection_signature_test, tear_down); + return result; +} +#endif + static int test_cmp_calc_protection_pbmac(void) { unsigned char sec_insta[] = { 'i', 'n', 's', 't', 'a' }; @@ -236,8 +240,9 @@ static int test_MSG_protect_with_certificate_and_key(void) if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) - || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedkey)) - || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, cert))) { + || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, server_key)) + || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, + server_cert))) { tear_down(fixture); fixture = NULL; } @@ -255,11 +260,11 @@ static int test_MSG_protect_certificate_based_without_cert(void) if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0)) - || !TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, loadedkey))) { + || !TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, server_key))) { tear_down(fixture); fixture = NULL; } - EVP_PKEY_up_ref(loadedkey); + EVP_PKEY_up_ref(server_key); EXECUTE_TEST(execute_MSG_protect_test, tear_down); return result; } @@ -517,10 +522,13 @@ static int test_X509_STORE_only_self_issued(void) void cleanup_tests(void) { - EVP_PKEY_free(loadedprivkey); - EVP_PKEY_free(loadedpubkey); - EVP_PKEY_free(loadedkey); - X509_free(cert); + EVP_PKEY_free(prot_RSA_key); +#ifndef OPENSSL_NO_ECX + EVP_PKEY_free(prot_Ed_key); + OSSL_CMP_MSG_free(genm_protected_Ed); +#endif + EVP_PKEY_free(server_key); + X509_free(server_cert); X509_free(endentity1); X509_free(endentity2); X509_free(root); @@ -532,14 +540,16 @@ void cleanup_tests(void) OSSL_LIB_CTX_free(libctx); } -#define USAGE "server.pem IR_protected.der IR_unprotected.der IP_PBM.der " \ +#define USAGE "prot_RSA.pem IR_protected.der prot_Ed.pem " \ + "GENM_protected_Ed.der IR_unprotected.der IP_PBM.der " \ "server.crt server.pem EndEntity1.crt EndEntity2.crt Root_CA.crt " \ "Intermediate_CA.crt module_name [module_conf_file]\n" OPT_TEST_DECLARE_USAGE(USAGE) int setup_tests(void) { - char *server_f; + char *prot_RSA_f; + char *prot_Ed_f; char *server_key_f; char *server_cert_f; char *endentity1_f; @@ -553,32 +563,39 @@ int setup_tests(void) } RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH); - if (!TEST_ptr(server_f = test_get_argument(0)) + if (!TEST_ptr(prot_RSA_f = test_get_argument(0)) || !TEST_ptr(ir_protected_f = test_get_argument(1)) - || !TEST_ptr(ir_unprotected_f = test_get_argument(2)) - || !TEST_ptr(ip_PBM_f = test_get_argument(3)) - || !TEST_ptr(server_cert_f = test_get_argument(4)) - || !TEST_ptr(server_key_f = test_get_argument(5)) - || !TEST_ptr(endentity1_f = test_get_argument(6)) - || !TEST_ptr(endentity2_f = test_get_argument(7)) - || !TEST_ptr(root_f = test_get_argument(8)) - || !TEST_ptr(intermediate_f = test_get_argument(9))) { + || !TEST_ptr(prot_Ed_f = test_get_argument(2)) + || !TEST_ptr(genm_prot_Ed_f = test_get_argument(3)) + || !TEST_ptr(ir_unprotected_f = test_get_argument(4)) + || !TEST_ptr(ip_PBM_f = test_get_argument(5)) + || !TEST_ptr(server_cert_f = test_get_argument(6)) + || !TEST_ptr(server_key_f = test_get_argument(7)) + || !TEST_ptr(endentity1_f = test_get_argument(8)) + || !TEST_ptr(endentity2_f = test_get_argument(9)) + || !TEST_ptr(root_f = test_get_argument(10)) + || !TEST_ptr(intermediate_f = test_get_argument(11))) { TEST_error("usage: cmp_protect_test %s", USAGE); return 0; } - if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 10, USAGE)) + if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 12, USAGE)) return 0; - if (!TEST_ptr(loadedkey = load_pkey_pem(server_key_f, libctx)) - || !TEST_ptr(cert = load_cert_pem(server_cert_f, libctx))) + if (!TEST_ptr(server_key = load_pkey_pem(server_key_f, libctx)) + || !TEST_ptr(server_cert = load_cert_pem(server_cert_f, libctx))) return 0; - if (!TEST_ptr(loadedprivkey = load_pkey_pem(server_f, libctx))) + if (!TEST_ptr(prot_RSA_key = load_pkey_pem(prot_RSA_f, libctx))) return 0; - if (TEST_true(EVP_PKEY_up_ref(loadedprivkey))) - loadedpubkey = loadedprivkey; +#ifndef OPENSSL_NO_ECX + if (!TEST_ptr(prot_Ed_key = load_pkey_pem(prot_Ed_f, libctx))) + return 0; +#endif if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx)) +#ifndef OPENSSL_NO_ECX + || !TEST_ptr(genm_protected_Ed = load_pkimsg(genm_prot_Ed_f, libctx)) +#endif || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx))) return 0; if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx)) @@ -592,6 +609,9 @@ int setup_tests(void) /* Message protection tests */ ADD_TEST(test_cmp_calc_protection_no_key_no_secret); ADD_TEST(test_cmp_calc_protection_pkey); +#ifndef OPENSSL_NO_ECX + ADD_TEST(test_cmp_calc_protection_pkey_Ed); +#endif ADD_TEST(test_cmp_calc_protection_pbmac); ADD_TEST(test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key); diff --git a/test/recipes/65-test_cmp_protect.t b/test/recipes/65-test_cmp_protect.t index 631603df7c..d4e863f85a 100644 --- a/test/recipes/65-test_cmp_protect.t +++ b/test/recipes/65-test_cmp_protect.t @@ -30,8 +30,10 @@ plan skip_all => "This test is not supported in a shared library build on Window plan tests => 2 + ($no_fips ? 0 : 1); #fips test my @basic_cmd = ("cmp_protect_test", - data_file("server.pem"), - data_file("IR_protected.der"), + data_file("prot_RSA.pem"), + data_file("IR_protected.der"), # signed using prot_RSA.pem + data_file("prot_Ed.pem"), # test/certs/root-ed25519.privkey.pem + data_file("GENM_protected_Ed.der"), # signed using prot_Ed.pem data_file("IR_unprotected.der"), data_file("IP_PBM.der"), data_file("server.crt"), diff --git a/test/recipes/65-test_cmp_protect_data/GENM_protected_Ed.der b/test/recipes/65-test_cmp_protect_data/GENM_protected_Ed.der Binary files differnew file mode 100644 index 0000000000..3efa755b7e --- /dev/null +++ b/test/recipes/65-test_cmp_protect_data/GENM_protected_Ed.der diff --git a/test/recipes/65-test_cmp_protect_data/IR_protected.der b/test/recipes/65-test_cmp_protect_data/IR_protected.der Binary files differindex ce0a7a46dc..2912c6b810 100644 --- a/test/recipes/65-test_cmp_protect_data/IR_protected.der +++ b/test/recipes/65-test_cmp_protect_data/IR_protected.der diff --git a/test/recipes/65-test_cmp_protect_data/prot_Ed.pem b/test/recipes/65-test_cmp_protect_data/prot_Ed.pem new file mode 100644 index 0000000000..e447080ae2 --- /dev/null +++ b/test/recipes/65-test_cmp_protect_data/prot_Ed.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC +-----END PRIVATE KEY----- diff --git a/test/recipes/65-test_cmp_protect_data/prot_RSA.pem b/test/recipes/65-test_cmp_protect_data/prot_RSA.pem new file mode 100644 index 0000000000..2324266798 --- /dev/null +++ b/test/recipes/65-test_cmp_protect_data/prot_RSA.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA4ckRrH0UWmIJFj99kBqvCipGjJRAaPkdvWjdDQLglTpI3eZA +JHnq0ypW/PZccrWjo7mxuvAStEYWF+5Jx6ZFmAsC1K0NNebSAZQoLWYZqiOzkfVV +pLicMnItNFElfCohBzPCYmF5UlC5yp9PSUEfNwPJqDIRMtw+IlVUV3AJw9TJ3uuW +q/vWW9r96/gBKKddmj/q2gGT8RC6LxEaolTbhfPbHaA1DFpv1WQFb3oAV3Wq14SO +Zf9bH1olBVsmBMsUshFEw5MXVrNCv2moM4HtITMyjvZe7eIwHzSzf6dvQjERG6Gv +Z/i5KOhaqgJCnRKdHHzijz9cLec5p9NSOuC1OwIDAQABAoIBAGiYVO+rIfqc38jG +sMxJED2NSBFnvE7k2LoeEgktBA0daxQgziYXtIkOXC3jkwAw1RXLuGH5RTDuJt3/ +LX6nsCW3NCCB6lTGERNaJyKg4dLHpzA+juY3/2P/MKHD1bGncpV7jNk2fpV7gBY1 +pu0wld1Oi+S3DPCaxs3w6Zl39Y4Z7oSNf6DRO5lGN3Asc8TSVjIOWpAl8LIg+P2B +ZvFeHRANVXaV9YmF2uEi7iMgH4vGrK2svsmM9VThVO4ArGcTRTvGYn7aw3/H4Pt+ +lYuhERdpkKBT0tCgIpO5IJXMl4/5RSDTtcBwiJcReN5IHUAItBIPSHcMflNSKG/I +aQf4u0ECgYEA8+PAyzn096Y2UrKzE75yuadCveLjsUWx2NN5ZMohQru99F4k7Pab +/Te4qOe5zlxHAPK3LRwvbwUWo5mLfs45wFrSgZoRlYcCuL+JaX0y2oXMMF9E+UkY +tljMt/HpLo1SfSjN2Sae4LVhC7rWJ43LtyRepptzBPGqd26eLPGAMr8CgYEA7P8u +RGkMOrMzEKAb0A9smrzq2xW88T1VejqEt6R8mUcNt8PFHMgjuzVU4zDysrlb7G/0 +VSkQWnJxBh1yNGc1Av7YgwicIgApr4ty0hZhLcnKX2VrNw+L/sSe/cnwVAc6RtPK +RR6xQubuLlrCGcbYXmyn5Jv+nlY0S3uCyDFHqIUCgYAwtpLxhJf7RwWeqva9wNJl +ZpUcHE9iPwtwxXx/tyfBjoI4Zv11HyS1BQYrJm2kXCYKeHBB4FlREXEeKDMGluZO +F1XocP+GIDtY71jg6xLXNtY76yt5pzH6ae4p53WtyKhrO1UyRFaDh3bkwuK3b8j6 +wZbuLCpjGGn2BPAvBeWXPQKBgEewKN6op/pZmmi9Bay5/bAQ1TnQKYcPdnuyl9K0 +/ruespeTsFw0bhqC11qhw8gsKZIri0z3TusNEwM2hQU08uQlEnkQcaoXQoTHOcQy +4NJo575Tf0r4ePBnqXA7VWcViJtEFTszPYtvLzz2VyBU9b4aP+73AN4EVW0/vx+v +SG3BAoGBAMzESFA2TXwUFmozK5zowIszc995Xqpi7mXKk77WESOpoS1dQ1wF1dSg +XOwxzFoYovLxcc1K9lqOrod8BV+qGuEfc/PIJ2aiXjvEDeZYX2eWaANNmj4OSLoJ +MNYj9tZxbq56slD7snf7AgUBnwKz0Pj6H6UsbE3gdJqZWCDyw/bB +-----END RSA PRIVATE KEY----- |