Merge pull request #404 from libtom/pr/pkcs8-improved

Improved pkcs8 support

doc/crypt.tex

@@ -4710,7 +4710,10 @@ int rsa_import_pkcs8(const unsigned char *in,
 
 This function can import RSA private keys serialized in PKCS\#8 format.
 
-It provides a \textit{password} parameter for the encrypted PKCS\#8 format, but this functionality is currently NOT implemented.
+Where \textit{key} is the RSA key structure (uninitialized), \textit{inlen} bytes of \textit{in} buffer is the DER encoded key,
+and \textit{pwdlen} bytes of \textit{pwd} is optional password/secret (use \textit{pwd = NULL} for keys without password protection).
+
+For password-protected files all supported encryption algorithms are listed in \ref{fig:pkcs8}.
 
 \index{rsa\_import\_x509()}
 \begin{verbatim}
@@ -5389,30 +5392,7 @@ int ecc_import_pkcs8(const unsigned char *in,
 Where \textit{key} is the ECC key structure (uninitialized), \textit{inlen} bytes of \textit{in} buffer is the DER encoded key,
 and \textit{pwdlen} bytes of \textit{pwd} is optional password/secret (use \textit{pwd = NULL} for keys without password protection).
 
-The library supports the following encryption algorithms:
-
-\begin{table}[H]
-\begin{center}
-\begin{tabular}{|l|l|}
-      \hline \textbf{Scheme} & \textbf{Algorithm}              \\
-      \hline PBES1           & pbeWithMD2AndDES-CBC            \\
-      \hline PBES1           & pbeWithMD2AndRC2-CBC            \\
-      \hline PBES1           & pbeWithMD5AndDES-CBC            \\
-      \hline PBES1           & pbeWithMD5AndRC2-CBC            \\
-      \hline PBES1           & pbeWithSHA1AndDES-CBC           \\
-      \hline PBES1           & pbeWithSHA1AndRC2-CBC           \\
-      \hline PBES1           & pbeWithSHAAnd3-KeyTripleDES-CBC \\
-      \hline PBES2 + PBKDF2  & desCBC                          \\
-      \hline PBES2 + PBKDF2  & rc2CBC                          \\
-      \hline PBES2 + PBKDF2  & des-EDE3-CBC                    \\
-      \hline PBES2 + PBKDF2  & aes128-CBC                      \\
-      \hline PBES2 + PBKDF2  & aes192-CBC                      \\
-      \hline PBES2 + PBKDF2  & aes256-CBC                      \\
-      \hline
-\end{tabular}
-\caption{Supported PKCS\#8 encryption algorithms of ecc\_import\_pkcs8()}
-\end{center}
-\end{table}
+For password-protected files all supported encryption algorithms are listed in \ref{fig:pkcs8}.
 
 \subsection{Key Export -- LTC proprietary (deprecated)}
 
@@ -5549,7 +5529,7 @@ int ecc_sign_hash_rfc7518(const unsigned char *in,
 This function creates the same ECDSA signature as \textit{ecc\_sign\_hash} only the output format is different.
 The format follows \url{https://tools.ietf.org/html/rfc7518#section-3.4}, sometimes it is also called plain signature.
 
-\index{ecc\_sign\_hash_ex()}
+\index{ecc\_sign\_hash\_ex()}
 \begin{verbatim}
 int ecc_sign_hash_ex(const unsigned char *in,
                            unsigned long  inlen,
@@ -5595,7 +5575,7 @@ int ecc_verify_hash_rfc7518(const unsigned char *sig,
 This function validate the ECDSA signature as \textit{ecc\_verify\_hash} only the signature input format
 follows \url{https://tools.ietf.org/html/rfc7518#section-3.4}.
 
-\index{ecc\_verify\_hash_ex()}
+\index{ecc\_verify\_hash\_ex()}
 \begin{verbatim}
 int ecc_verify_hash_ex(const unsigned char *sig,
                              unsigned long  siglen,
@@ -6897,6 +6877,42 @@ int main(void)
 }
 \end{verbatim}
 
+\mysection{PKCS \#8}
+\index{PKCS \#8}
+
+The library has built-in support for PKCS \#8 decoding as specified in RFC 5208.
+
+Encoding of private keys into PKCS \#8 is not supported.
+
+The library supports the following encryption algorithms:
+
+\begin{table}[H]
+\begin{center}
+\begin{tabular}{|l|l|}
+      \hline \textbf{Scheme} & \textbf{Algorithm}              \\
+      \hline PBES1           & pbeWithMD2AndDES-CBC            \\
+      \hline PBES1           & pbeWithMD2AndRC2-CBC            \\
+      \hline PBES1           & pbeWithMD5AndDES-CBC            \\
+      \hline PBES1           & pbeWithMD5AndRC2-CBC            \\
+      \hline PBES1           & pbeWithSHA1AndDES-CBC           \\
+      \hline PBES1           & pbeWithSHA1AndRC2-CBC           \\
+      \hline PBES1           & pbeWithSHAAnd3-KeyTripleDES-CBC \\
+      \hline PBES2 + PBKDF2  & desCBC                          \\
+      \hline PBES2 + PBKDF2  & rc2CBC                          \\
+      \hline PBES2 + PBKDF2  & des-EDE3-CBC                    \\
+      \hline PBES2 + PBKDF2  & aes128-CBC                      \\
+      \hline PBES2 + PBKDF2  & aes192-CBC                      \\
+      \hline PBES2 + PBKDF2  & aes256-CBC                      \\
+      \hline
+\end{tabular}
+\caption{Supported PKCS\#8 encryption algorithms}
+\end{center}
+\label{fig:pkcs8}
+\end{table}
+
+The PKCS \#8 import has no direct API endpoints, but it is available through Public Key Algorithm-specific
+\textit{pkaX\_import\_pkcs8()} functions.
+
 \mysection{Key Derviation Functions}
 \subsection{HKDF}
 \index{HKDF}

libtomcrypt_VS2008.vcproj

@@ -1563,6 +1563,22 @@
 					>
 				</File>
 			</Filter>
+			<Filter
+				Name="pbes"
+				>
+				<File
+					RelativePath="src\misc\pbes\pbes.c"
+					>
+				</File>
+				<File
+					RelativePath="src\misc\pbes\pbes1.c"
+					>
+				</File>
+				<File
+					RelativePath="src\misc\pbes\pbes2.c"
+					>
+				</File>
+			</Filter>
 			<Filter
 				Name="pkcs12"
 				>
@@ -2146,7 +2162,7 @@
 						>
 					</File>
 					<File
-						RelativePath="src\pk\asn1\oid\pk_oid_asn1.c"
+						RelativePath="src\pk\asn1\oid\pk_oid_cmp.c"
 						>
 					</File>
 					<File
@@ -2154,6 +2170,14 @@
 						>
 					</File>
 				</Filter>
+				<Filter
+					Name="pkcs8"
+					>
+					<File
+						RelativePath="src\pk\asn1\pkcs8\pkcs8_decode_flexi.c"
+						>
+					</File>
+				</Filter>
 				<Filter
 					Name="x509"
 					>
@@ -2330,6 +2354,10 @@
 					RelativePath="src\pk\ecc\ecc_import_openssl.c"
 					>
 				</File>
+				<File
+					RelativePath="src\pk\ecc\ecc_import_pkcs8.c"
+					>
+				</File>
 				<File
 					RelativePath="src\pk\ecc\ecc_import_x509.c"
 					>

makefile.mingw

@@ -110,14 +110,15 @@ src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_sizes.o \
 src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
 src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o src/misc/hkdf/hkdf.o \
 src/misc/hkdf/hkdf_test.o src/misc/mem_neq.o src/misc/padding/padding_depad.o \
-src/misc/padding/padding_pad.o src/misc/pkcs12/pkcs12_kdf.o src/misc/pkcs12/pkcs12_utf8_to_utf16.o \
-src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/pkcs5/pkcs_5_test.o src/misc/zeromem.o \
-src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \
-src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \
-src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \
-src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
-src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
-src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \
+src/misc/padding/padding_pad.o src/misc/pbes/pbes.o src/misc/pbes/pbes1.o src/misc/pbes/pbes2.o \
+src/misc/pkcs12/pkcs12_kdf.o src/misc/pkcs12/pkcs12_utf8_to_utf16.o src/misc/pkcs5/pkcs_5_1.o \
+src/misc/pkcs5/pkcs_5_2.o src/misc/pkcs5/pkcs_5_test.o src/misc/zeromem.o src/modes/cbc/cbc_decrypt.o \
+src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
+src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
+src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o \
+src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o \
+src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o src/modes/ctr/ctr_getiv.o \
+src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \
 src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
 src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o src/modes/f8/f8_encrypt.o \
 src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o src/modes/f8/f8_test_mode.o \
@@ -167,8 +168,8 @@ src/pk/asn1/der/teletex_string/der_length_teletex_string.o \
 src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \
 src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \
 src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \
-src/pk/asn1/oid/pk_get_oid.o src/pk/asn1/oid/pk_oid_asn1.o src/pk/asn1/oid/pk_oid_str.o \
-src/pk/asn1/x509/x509_decode_subject_public_key_info.o \
+src/pk/asn1/oid/pk_get_oid.o src/pk/asn1/oid/pk_oid_cmp.o src/pk/asn1/oid/pk_oid_str.o \
+src/pk/asn1/pkcs8/pkcs8_decode_flexi.o src/pk/asn1/x509/x509_decode_subject_public_key_info.o \
 src/pk/asn1/x509/x509_encode_subject_public_key_info.o src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o \
 src/pk/dh/dh_export.o src/pk/dh/dh_export_key.o src/pk/dh/dh_free.o src/pk/dh/dh_generate_key.o \
 src/pk/dh/dh_import.o src/pk/dh/dh_set.o src/pk/dh/dh_set_pg_dhparam.o src/pk/dh/dh_shared_secret.o \
@@ -180,21 +181,21 @@ src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/ecc/ecc_ansi_x963_export.o \
 src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o src/pk/ecc/ecc_encrypt_key.o \
 src/pk/ecc/ecc_export.o src/pk/ecc/ecc_export_openssl.o src/pk/ecc/ecc_find_curve.o \
 src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_key.o src/pk/ecc/ecc_get_oid_str.o src/pk/ecc/ecc_get_size.o \
-src/pk/ecc/ecc_import.o src/pk/ecc/ecc_import_openssl.o src/pk/ecc/ecc_import_x509.o \
-src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_recover_key.o src/pk/ecc/ecc_set_curve.o \
-src/pk/ecc/ecc_set_curve_internal.o src/pk/ecc/ecc_set_key.o src/pk/ecc/ecc_shared_secret.o \
-src/pk/ecc/ecc_sign_hash.o src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \
-src/pk/ecc/ltc_ecc_export_point.o src/pk/ecc/ltc_ecc_import_point.o src/pk/ecc/ltc_ecc_is_point.o \
-src/pk/ecc/ltc_ecc_is_point_at_infinity.o src/pk/ecc/ltc_ecc_map.o src/pk/ecc/ltc_ecc_mul2add.o \
-src/pk/ecc/ltc_ecc_mulmod.o src/pk/ecc/ltc_ecc_mulmod_timing.o src/pk/ecc/ltc_ecc_points.o \
-src/pk/ecc/ltc_ecc_projective_add_point.o src/pk/ecc/ltc_ecc_projective_dbl_point.o \
-src/pk/ecc/ltc_ecc_verify_key.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \
-src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
-src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \
-src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
-src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
-src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_pkcs8.o src/pk/rsa/rsa_import_x509.o \
-src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_set.o src/pk/rsa/rsa_sign_hash.o \
+src/pk/ecc/ecc_import.o src/pk/ecc/ecc_import_openssl.o src/pk/ecc/ecc_import_pkcs8.o \
+src/pk/ecc/ecc_import_x509.o src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_recover_key.o \
+src/pk/ecc/ecc_set_curve.o src/pk/ecc/ecc_set_curve_internal.o src/pk/ecc/ecc_set_key.o \
+src/pk/ecc/ecc_shared_secret.o src/pk/ecc/ecc_sign_hash.o src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o \
+src/pk/ecc/ecc_verify_hash.o src/pk/ecc/ltc_ecc_export_point.o src/pk/ecc/ltc_ecc_import_point.o \
+src/pk/ecc/ltc_ecc_is_point.o src/pk/ecc/ltc_ecc_is_point_at_infinity.o src/pk/ecc/ltc_ecc_map.o \
+src/pk/ecc/ltc_ecc_mul2add.o src/pk/ecc/ltc_ecc_mulmod.o src/pk/ecc/ltc_ecc_mulmod_timing.o \
+src/pk/ecc/ltc_ecc_points.o src/pk/ecc/ltc_ecc_projective_add_point.o \
+src/pk/ecc/ltc_ecc_projective_dbl_point.o src/pk/ecc/ltc_ecc_verify_key.o src/pk/pkcs1/pkcs_1_i2osp.o \
+src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o \
+src/pk/pkcs1/pkcs_1_os2ip.o src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \
+src/pk/pkcs1/pkcs_1_v1_5_decode.o src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o \
+src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o \
+src/pk/rsa/rsa_get_size.o src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_pkcs8.o \
+src/pk/rsa/rsa_import_x509.o src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_set.o src/pk/rsa/rsa_sign_hash.o \
 src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o \
 src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
 src/prngs/sprng.o src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \

makefile.msvc

@@ -103,14 +103,15 @@ src/misc/crypt/crypt_register_prng.obj src/misc/crypt/crypt_sizes.obj \
 src/misc/crypt/crypt_unregister_cipher.obj src/misc/crypt/crypt_unregister_hash.obj \
 src/misc/crypt/crypt_unregister_prng.obj src/misc/error_to_string.obj src/misc/hkdf/hkdf.obj \
 src/misc/hkdf/hkdf_test.obj src/misc/mem_neq.obj src/misc/padding/padding_depad.obj \
-src/misc/padding/padding_pad.obj src/misc/pkcs12/pkcs12_kdf.obj src/misc/pkcs12/pkcs12_utf8_to_utf16.obj \
-src/misc/pkcs5/pkcs_5_1.obj src/misc/pkcs5/pkcs_5_2.obj src/misc/pkcs5/pkcs_5_test.obj src/misc/zeromem.obj \
-src/modes/cbc/cbc_decrypt.obj src/modes/cbc/cbc_done.obj src/modes/cbc/cbc_encrypt.obj \
-src/modes/cbc/cbc_getiv.obj src/modes/cbc/cbc_setiv.obj src/modes/cbc/cbc_start.obj \
-src/modes/cfb/cfb_decrypt.obj src/modes/cfb/cfb_done.obj src/modes/cfb/cfb_encrypt.obj \
-src/modes/cfb/cfb_getiv.obj src/modes/cfb/cfb_setiv.obj src/modes/cfb/cfb_start.obj \
-src/modes/ctr/ctr_decrypt.obj src/modes/ctr/ctr_done.obj src/modes/ctr/ctr_encrypt.obj \
-src/modes/ctr/ctr_getiv.obj src/modes/ctr/ctr_setiv.obj src/modes/ctr/ctr_start.obj src/modes/ctr/ctr_test.obj \
+src/misc/padding/padding_pad.obj src/misc/pbes/pbes.obj src/misc/pbes/pbes1.obj src/misc/pbes/pbes2.obj \
+src/misc/pkcs12/pkcs12_kdf.obj src/misc/pkcs12/pkcs12_utf8_to_utf16.obj src/misc/pkcs5/pkcs_5_1.obj \
+src/misc/pkcs5/pkcs_5_2.obj src/misc/pkcs5/pkcs_5_test.obj src/misc/zeromem.obj src/modes/cbc/cbc_decrypt.obj \
+src/modes/cbc/cbc_done.obj src/modes/cbc/cbc_encrypt.obj src/modes/cbc/cbc_getiv.obj \
+src/modes/cbc/cbc_setiv.obj src/modes/cbc/cbc_start.obj src/modes/cfb/cfb_decrypt.obj \
+src/modes/cfb/cfb_done.obj src/modes/cfb/cfb_encrypt.obj src/modes/cfb/cfb_getiv.obj \
+src/modes/cfb/cfb_setiv.obj src/modes/cfb/cfb_start.obj src/modes/ctr/ctr_decrypt.obj \
+src/modes/ctr/ctr_done.obj src/modes/ctr/ctr_encrypt.obj src/modes/ctr/ctr_getiv.obj \
+src/modes/ctr/ctr_setiv.obj src/modes/ctr/ctr_start.obj src/modes/ctr/ctr_test.obj \
 src/modes/ecb/ecb_decrypt.obj src/modes/ecb/ecb_done.obj src/modes/ecb/ecb_encrypt.obj \
 src/modes/ecb/ecb_start.obj src/modes/f8/f8_decrypt.obj src/modes/f8/f8_done.obj src/modes/f8/f8_encrypt.obj \
 src/modes/f8/f8_getiv.obj src/modes/f8/f8_setiv.obj src/modes/f8/f8_start.obj src/modes/f8/f8_test_mode.obj \
@@ -160,8 +161,8 @@ src/pk/asn1/der/teletex_string/der_length_teletex_string.obj \
 src/pk/asn1/der/utctime/der_decode_utctime.obj src/pk/asn1/der/utctime/der_encode_utctime.obj \
 src/pk/asn1/der/utctime/der_length_utctime.obj src/pk/asn1/der/utf8/der_decode_utf8_string.obj \
 src/pk/asn1/der/utf8/der_encode_utf8_string.obj src/pk/asn1/der/utf8/der_length_utf8_string.obj \
-src/pk/asn1/oid/pk_get_oid.obj src/pk/asn1/oid/pk_oid_asn1.obj src/pk/asn1/oid/pk_oid_str.obj \
-src/pk/asn1/x509/x509_decode_subject_public_key_info.obj \
+src/pk/asn1/oid/pk_get_oid.obj src/pk/asn1/oid/pk_oid_cmp.obj src/pk/asn1/oid/pk_oid_str.obj \
+src/pk/asn1/pkcs8/pkcs8_decode_flexi.obj src/pk/asn1/x509/x509_decode_subject_public_key_info.obj \
 src/pk/asn1/x509/x509_encode_subject_public_key_info.obj src/pk/dh/dh.obj src/pk/dh/dh_check_pubkey.obj \
 src/pk/dh/dh_export.obj src/pk/dh/dh_export_key.obj src/pk/dh/dh_free.obj src/pk/dh/dh_generate_key.obj \
 src/pk/dh/dh_import.obj src/pk/dh/dh_set.obj src/pk/dh/dh_set_pg_dhparam.obj src/pk/dh/dh_shared_secret.obj \
@@ -173,21 +174,21 @@ src/pk/dsa/dsa_verify_key.obj src/pk/ecc/ecc.obj src/pk/ecc/ecc_ansi_x963_export
 src/pk/ecc/ecc_ansi_x963_import.obj src/pk/ecc/ecc_decrypt_key.obj src/pk/ecc/ecc_encrypt_key.obj \
 src/pk/ecc/ecc_export.obj src/pk/ecc/ecc_export_openssl.obj src/pk/ecc/ecc_find_curve.obj \
 src/pk/ecc/ecc_free.obj src/pk/ecc/ecc_get_key.obj src/pk/ecc/ecc_get_oid_str.obj src/pk/ecc/ecc_get_size.obj \
-src/pk/ecc/ecc_import.obj src/pk/ecc/ecc_import_openssl.obj src/pk/ecc/ecc_import_x509.obj \
-src/pk/ecc/ecc_make_key.obj src/pk/ecc/ecc_recover_key.obj src/pk/ecc/ecc_set_curve.obj \
-src/pk/ecc/ecc_set_curve_internal.obj src/pk/ecc/ecc_set_key.obj src/pk/ecc/ecc_shared_secret.obj \
-src/pk/ecc/ecc_sign_hash.obj src/pk/ecc/ecc_sizes.obj src/pk/ecc/ecc_test.obj src/pk/ecc/ecc_verify_hash.obj \
-src/pk/ecc/ltc_ecc_export_point.obj src/pk/ecc/ltc_ecc_import_point.obj src/pk/ecc/ltc_ecc_is_point.obj \
-src/pk/ecc/ltc_ecc_is_point_at_infinity.obj src/pk/ecc/ltc_ecc_map.obj src/pk/ecc/ltc_ecc_mul2add.obj \
-src/pk/ecc/ltc_ecc_mulmod.obj src/pk/ecc/ltc_ecc_mulmod_timing.obj src/pk/ecc/ltc_ecc_points.obj \
-src/pk/ecc/ltc_ecc_projective_add_point.obj src/pk/ecc/ltc_ecc_projective_dbl_point.obj \
-src/pk/ecc/ltc_ecc_verify_key.obj src/pk/pkcs1/pkcs_1_i2osp.obj src/pk/pkcs1/pkcs_1_mgf1.obj \
-src/pk/pkcs1/pkcs_1_oaep_decode.obj src/pk/pkcs1/pkcs_1_oaep_encode.obj src/pk/pkcs1/pkcs_1_os2ip.obj \
-src/pk/pkcs1/pkcs_1_pss_decode.obj src/pk/pkcs1/pkcs_1_pss_encode.obj src/pk/pkcs1/pkcs_1_v1_5_decode.obj \
-src/pk/pkcs1/pkcs_1_v1_5_encode.obj src/pk/rsa/rsa_decrypt_key.obj src/pk/rsa/rsa_encrypt_key.obj \
-src/pk/rsa/rsa_export.obj src/pk/rsa/rsa_exptmod.obj src/pk/rsa/rsa_free.obj src/pk/rsa/rsa_get_size.obj \
-src/pk/rsa/rsa_import.obj src/pk/rsa/rsa_import_pkcs8.obj src/pk/rsa/rsa_import_x509.obj \
-src/pk/rsa/rsa_make_key.obj src/pk/rsa/rsa_set.obj src/pk/rsa/rsa_sign_hash.obj \
+src/pk/ecc/ecc_import.obj src/pk/ecc/ecc_import_openssl.obj src/pk/ecc/ecc_import_pkcs8.obj \
+src/pk/ecc/ecc_import_x509.obj src/pk/ecc/ecc_make_key.obj src/pk/ecc/ecc_recover_key.obj \
+src/pk/ecc/ecc_set_curve.obj src/pk/ecc/ecc_set_curve_internal.obj src/pk/ecc/ecc_set_key.obj \
+src/pk/ecc/ecc_shared_secret.obj src/pk/ecc/ecc_sign_hash.obj src/pk/ecc/ecc_sizes.obj src/pk/ecc/ecc_test.obj \
+src/pk/ecc/ecc_verify_hash.obj src/pk/ecc/ltc_ecc_export_point.obj src/pk/ecc/ltc_ecc_import_point.obj \
+src/pk/ecc/ltc_ecc_is_point.obj src/pk/ecc/ltc_ecc_is_point_at_infinity.obj src/pk/ecc/ltc_ecc_map.obj \
+src/pk/ecc/ltc_ecc_mul2add.obj src/pk/ecc/ltc_ecc_mulmod.obj src/pk/ecc/ltc_ecc_mulmod_timing.obj \
+src/pk/ecc/ltc_ecc_points.obj src/pk/ecc/ltc_ecc_projective_add_point.obj \
+src/pk/ecc/ltc_ecc_projective_dbl_point.obj src/pk/ecc/ltc_ecc_verify_key.obj src/pk/pkcs1/pkcs_1_i2osp.obj \
+src/pk/pkcs1/pkcs_1_mgf1.obj src/pk/pkcs1/pkcs_1_oaep_decode.obj src/pk/pkcs1/pkcs_1_oaep_encode.obj \
+src/pk/pkcs1/pkcs_1_os2ip.obj src/pk/pkcs1/pkcs_1_pss_decode.obj src/pk/pkcs1/pkcs_1_pss_encode.obj \
+src/pk/pkcs1/pkcs_1_v1_5_decode.obj src/pk/pkcs1/pkcs_1_v1_5_encode.obj src/pk/rsa/rsa_decrypt_key.obj \
+src/pk/rsa/rsa_encrypt_key.obj src/pk/rsa/rsa_export.obj src/pk/rsa/rsa_exptmod.obj src/pk/rsa/rsa_free.obj \
+src/pk/rsa/rsa_get_size.obj src/pk/rsa/rsa_import.obj src/pk/rsa/rsa_import_pkcs8.obj \
+src/pk/rsa/rsa_import_x509.obj src/pk/rsa/rsa_make_key.obj src/pk/rsa/rsa_set.obj src/pk/rsa/rsa_sign_hash.obj \
 src/pk/rsa/rsa_sign_saltlen_get.obj src/pk/rsa/rsa_verify_hash.obj src/prngs/chacha20.obj src/prngs/fortuna.obj \
 src/prngs/rc4.obj src/prngs/rng_get_bytes.obj src/prngs/rng_make_prng.obj src/prngs/sober128.obj \
 src/prngs/sprng.obj src/prngs/yarrow.obj src/stream/chacha/chacha_crypt.obj src/stream/chacha/chacha_done.obj \

makefile.unix

@@ -120,14 +120,15 @@ src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_sizes.o \
 src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
 src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o src/misc/hkdf/hkdf.o \
 src/misc/hkdf/hkdf_test.o src/misc/mem_neq.o src/misc/padding/padding_depad.o \
-src/misc/padding/padding_pad.o src/misc/pkcs12/pkcs12_kdf.o src/misc/pkcs12/pkcs12_utf8_to_utf16.o \
-src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/pkcs5/pkcs_5_test.o src/misc/zeromem.o \
-src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \
-src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \
-src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \
-src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
-src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
-src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \
+src/misc/padding/padding_pad.o src/misc/pbes/pbes.o src/misc/pbes/pbes1.o src/misc/pbes/pbes2.o \
+src/misc/pkcs12/pkcs12_kdf.o src/misc/pkcs12/pkcs12_utf8_to_utf16.o src/misc/pkcs5/pkcs_5_1.o \
+src/misc/pkcs5/pkcs_5_2.o src/misc/pkcs5/pkcs_5_test.o src/misc/zeromem.o src/modes/cbc/cbc_decrypt.o \
+src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
+src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
+src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o \
+src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o \
+src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o src/modes/ctr/ctr_getiv.o \
+src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \
 src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
 src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o src/modes/f8/f8_encrypt.o \
 src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o src/modes/f8/f8_test_mode.o \
@@ -177,8 +178,8 @@ src/pk/asn1/der/teletex_string/der_length_teletex_string.o \
 src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \
 src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \
 src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \
-src/pk/asn1/oid/pk_get_oid.o src/pk/asn1/oid/pk_oid_asn1.o src/pk/asn1/oid/pk_oid_str.o \
-src/pk/asn1/x509/x509_decode_subject_public_key_info.o \
+src/pk/asn1/oid/pk_get_oid.o src/pk/asn1/oid/pk_oid_cmp.o src/pk/asn1/oid/pk_oid_str.o \
+src/pk/asn1/pkcs8/pkcs8_decode_flexi.o src/pk/asn1/x509/x509_decode_subject_public_key_info.o \
 src/pk/asn1/x509/x509_encode_subject_public_key_info.o src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o \
 src/pk/dh/dh_export.o src/pk/dh/dh_export_key.o src/pk/dh/dh_free.o src/pk/dh/dh_generate_key.o \
 src/pk/dh/dh_import.o src/pk/dh/dh_set.o src/pk/dh/dh_set_pg_dhparam.o src/pk/dh/dh_shared_secret.o \
@@ -190,21 +191,21 @@ src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/ecc/ecc_ansi_x963_export.o \
 src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o src/pk/ecc/ecc_encrypt_key.o \
 src/pk/ecc/ecc_export.o src/pk/ecc/ecc_export_openssl.o src/pk/ecc/ecc_find_curve.o \
 src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_key.o src/pk/ecc/ecc_get_oid_str.o src/pk/ecc/ecc_get_size.o \
-src/pk/ecc/ecc_import.o src/pk/ecc/ecc_import_openssl.o src/pk/ecc/ecc_import_x509.o \
-src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_recover_key.o src/pk/ecc/ecc_set_curve.o \
-src/pk/ecc/ecc_set_curve_internal.o src/pk/ecc/ecc_set_key.o src/pk/ecc/ecc_shared_secret.o \
-src/pk/ecc/ecc_sign_hash.o src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \
-src/pk/ecc/ltc_ecc_export_point.o src/pk/ecc/ltc_ecc_import_point.o src/pk/ecc/ltc_ecc_is_point.o \
-src/pk/ecc/ltc_ecc_is_point_at_infinity.o src/pk/ecc/ltc_ecc_map.o src/pk/ecc/ltc_ecc_mul2add.o \
-src/pk/ecc/ltc_ecc_mulmod.o src/pk/ecc/ltc_ecc_mulmod_timing.o src/pk/ecc/ltc_ecc_points.o \
-src/pk/ecc/ltc_ecc_projective_add_point.o src/pk/ecc/ltc_ecc_projective_dbl_point.o \
-src/pk/ecc/ltc_ecc_verify_key.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \
-src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
-src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \
-src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
-src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
-src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_pkcs8.o src/pk/rsa/rsa_import_x509.o \
-src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_set.o src/pk/rsa/rsa_sign_hash.o \
+src/pk/ecc/ecc_import.o src/pk/ecc/ecc_import_openssl.o src/pk/ecc/ecc_import_pkcs8.o \
+src/pk/ecc/ecc_import_x509.o src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_recover_key.o \
+src/pk/ecc/ecc_set_curve.o src/pk/ecc/ecc_set_curve_internal.o src/pk/ecc/ecc_set_key.o \
+src/pk/ecc/ecc_shared_secret.o src/pk/ecc/ecc_sign_hash.o src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o \
+src/pk/ecc/ecc_verify_hash.o src/pk/ecc/ltc_ecc_export_point.o src/pk/ecc/ltc_ecc_import_point.o \
+src/pk/ecc/ltc_ecc_is_point.o src/pk/ecc/ltc_ecc_is_point_at_infinity.o src/pk/ecc/ltc_ecc_map.o \
+src/pk/ecc/ltc_ecc_mul2add.o src/pk/ecc/ltc_ecc_mulmod.o src/pk/ecc/ltc_ecc_mulmod_timing.o \
+src/pk/ecc/ltc_ecc_points.o src/pk/ecc/ltc_ecc_projective_add_point.o \
+src/pk/ecc/ltc_ecc_projective_dbl_point.o src/pk/ecc/ltc_ecc_verify_key.o src/pk/pkcs1/pkcs_1_i2osp.o \
+src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o \
+src/pk/pkcs1/pkcs_1_os2ip.o src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \
+src/pk/pkcs1/pkcs_1_v1_5_decode.o src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o \
+src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o \
+src/pk/rsa/rsa_get_size.o src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_pkcs8.o \
+src/pk/rsa/rsa_import_x509.o src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_set.o src/pk/rsa/rsa_sign_hash.o \
 src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o \
 src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
 src/prngs/sprng.o src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \

makefile_include.mk

@@ -280,14 +280,15 @@ src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_sizes.o \
 src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
 src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o src/misc/hkdf/hkdf.o \
 src/misc/hkdf/hkdf_test.o src/misc/mem_neq.o src/misc/padding/padding_depad.o \
-src/misc/padding/padding_pad.o src/misc/pkcs12/pkcs12_kdf.o src/misc/pkcs12/pkcs12_utf8_to_utf16.o \
-src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/pkcs5/pkcs_5_test.o src/misc/zeromem.o \
-src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \
-src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \
-src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \
-src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
-src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
-src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \
+src/misc/padding/padding_pad.o src/misc/pbes/pbes.o src/misc/pbes/pbes1.o src/misc/pbes/pbes2.o \
+src/misc/pkcs12/pkcs12_kdf.o src/misc/pkcs12/pkcs12_utf8_to_utf16.o src/misc/pkcs5/pkcs_5_1.o \
+src/misc/pkcs5/pkcs_5_2.o src/misc/pkcs5/pkcs_5_test.o src/misc/zeromem.o src/modes/cbc/cbc_decrypt.o \
+src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
+src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
+src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o \
+src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o \
+src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o src/modes/ctr/ctr_getiv.o \
+src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \
 src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
 src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o src/modes/f8/f8_encrypt.o \
 src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o src/modes/f8/f8_test_mode.o \
@@ -337,8 +338,8 @@ src/pk/asn1/der/teletex_string/der_length_teletex_string.o \
 src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \
 src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \
 src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \
-src/pk/asn1/oid/pk_get_oid.o src/pk/asn1/oid/pk_oid_asn1.o src/pk/asn1/oid/pk_oid_str.o \
-src/pk/asn1/x509/x509_decode_subject_public_key_info.o \
+src/pk/asn1/oid/pk_get_oid.o src/pk/asn1/oid/pk_oid_cmp.o src/pk/asn1/oid/pk_oid_str.o \
+src/pk/asn1/pkcs8/pkcs8_decode_flexi.o src/pk/asn1/x509/x509_decode_subject_public_key_info.o \
 src/pk/asn1/x509/x509_encode_subject_public_key_info.o src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o \
 src/pk/dh/dh_export.o src/pk/dh/dh_export_key.o src/pk/dh/dh_free.o src/pk/dh/dh_generate_key.o \
 src/pk/dh/dh_import.o src/pk/dh/dh_set.o src/pk/dh/dh_set_pg_dhparam.o src/pk/dh/dh_shared_secret.o \
@@ -350,21 +351,21 @@ src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/ecc/ecc_ansi_x963_export.o \
 src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o src/pk/ecc/ecc_encrypt_key.o \
 src/pk/ecc/ecc_export.o src/pk/ecc/ecc_export_openssl.o src/pk/ecc/ecc_find_curve.o \
 src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_key.o src/pk/ecc/ecc_get_oid_str.o src/pk/ecc/ecc_get_size.o \
-src/pk/ecc/ecc_import.o src/pk/ecc/ecc_import_openssl.o src/pk/ecc/ecc_import_x509.o \
-src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_recover_key.o src/pk/ecc/ecc_set_curve.o \
-src/pk/ecc/ecc_set_curve_internal.o src/pk/ecc/ecc_set_key.o src/pk/ecc/ecc_shared_secret.o \
-src/pk/ecc/ecc_sign_hash.o src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \
-src/pk/ecc/ltc_ecc_export_point.o src/pk/ecc/ltc_ecc_import_point.o src/pk/ecc/ltc_ecc_is_point.o \
-src/pk/ecc/ltc_ecc_is_point_at_infinity.o src/pk/ecc/ltc_ecc_map.o src/pk/ecc/ltc_ecc_mul2add.o \
-src/pk/ecc/ltc_ecc_mulmod.o src/pk/ecc/ltc_ecc_mulmod_timing.o src/pk/ecc/ltc_ecc_points.o \
-src/pk/ecc/ltc_ecc_projective_add_point.o src/pk/ecc/ltc_ecc_projective_dbl_point.o \
-src/pk/ecc/ltc_ecc_verify_key.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \
-src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
-src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \
-src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
-src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
-src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_pkcs8.o src/pk/rsa/rsa_import_x509.o \
-src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_set.o src/pk/rsa/rsa_sign_hash.o \
+src/pk/ecc/ecc_import.o src/pk/ecc/ecc_import_openssl.o src/pk/ecc/ecc_import_pkcs8.o \
+src/pk/ecc/ecc_import_x509.o src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_recover_key.o \
+src/pk/ecc/ecc_set_curve.o src/pk/ecc/ecc_set_curve_internal.o src/pk/ecc/ecc_set_key.o \
+src/pk/ecc/ecc_shared_secret.o src/pk/ecc/ecc_sign_hash.o src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o \
+src/pk/ecc/ecc_verify_hash.o src/pk/ecc/ltc_ecc_export_point.o src/pk/ecc/ltc_ecc_import_point.o \
+src/pk/ecc/ltc_ecc_is_point.o src/pk/ecc/ltc_ecc_is_point_at_infinity.o src/pk/ecc/ltc_ecc_map.o \
+src/pk/ecc/ltc_ecc_mul2add.o src/pk/ecc/ltc_ecc_mulmod.o src/pk/ecc/ltc_ecc_mulmod_timing.o \
+src/pk/ecc/ltc_ecc_points.o src/pk/ecc/ltc_ecc_projective_add_point.o \
+src/pk/ecc/ltc_ecc_projective_dbl_point.o src/pk/ecc/ltc_ecc_verify_key.o src/pk/pkcs1/pkcs_1_i2osp.o \
+src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o \
+src/pk/pkcs1/pkcs_1_os2ip.o src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \
+src/pk/pkcs1/pkcs_1_v1_5_decode.o src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o \
+src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o \
+src/pk/rsa/rsa_get_size.o src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_pkcs8.o \
+src/pk/rsa/rsa_import_x509.o src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_set.o src/pk/rsa/rsa_sign_hash.o \
 src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o \
 src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
 src/prngs/sprng.o src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \

src/headers/tomcrypt_custom.h

@@ -463,6 +463,7 @@
 
 #define LTC_PKCS_1
 #define LTC_PKCS_5
+#define LTC_PKCS_8
 #define LTC_PKCS_12
 
 /* Include ASN.1 DER (required by DSA/RSA) */
@@ -495,6 +496,8 @@
 
 #define LTC_PADDING
 
+#define LTC_PBES
+
 #endif /* LTC_NO_MISC */
 
 /* cleanup */
@@ -560,6 +563,15 @@
    #define LTC_PKCS_1
 #endif
 
+#if defined(LTC_MRSA) || defined(LTC_MECC)
+   #define LTC_PKCS_8
+#endif
+
+#ifdef LTC_PKCS_8
+   #define LTC_PADDING
+   #define LTC_PBES
+#endif
+
 #if defined(LTC_PELICAN) && !defined(LTC_RIJNDAEL)
    #error Pelican-MAC requires LTC_RIJNDAEL
 #endif

src/headers/tomcrypt_pk.h

@@ -282,6 +282,7 @@ int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_ke
 
 int ecc_export_openssl(unsigned char *out, unsigned long *outlen, int type, const ecc_key *key);
 int ecc_import_openssl(const unsigned char *in, unsigned long inlen, ecc_key *key);
+int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, const void *pwd, unsigned long pwdlen, ecc_key *key);
 int ecc_import_x509(const unsigned char *in, unsigned long inlen, ecc_key *key);
 
 int  ecc_shared_secret(const ecc_key *private_key, const ecc_key *public_key,

src/headers/tomcrypt_private.h

@@ -36,6 +36,36 @@ typedef struct {
 } ltc_dh_set_type;
 
 
+typedef int (*fn_kdf_t)(const unsigned char *password, unsigned long password_len,
+                              const unsigned char *salt,     unsigned long salt_len,
+                              int iteration_count,  int hash_idx,
+                              unsigned char *out,   unsigned long *outlen);
+
+typedef struct {
+   /* KDF */
+   fn_kdf_t kdf;
+   /* Hash or HMAC */
+   const char* h;
+   /* cipher */
+   const char* c;
+   unsigned long keylen;
+   /* not used for pbkdf2 */
+   unsigned long blocklen;
+} pbes_properties;
+
+typedef struct
+{
+   pbes_properties type;
+   const void *pwd;
+   unsigned long pwdlen;
+   ltc_asn1_list *enc_data;
+   ltc_asn1_list *salt;
+   ltc_asn1_list *iv;
+   unsigned long iterations;
+   /* only used for RC2 */
+   unsigned long key_bits;
+} pbes_arg;
+
 /*
  * Internal functions
  */
@@ -167,6 +197,11 @@ void ocb3_int_xor_blocks(unsigned char *out, const unsigned char *block_a, const
 
 void copy_or_zeromem(const unsigned char* src, unsigned char* dest, unsigned long len, int coz);
 
+int pbes_decrypt(const pbes_arg  *arg, unsigned char *dec_data, unsigned long *dec_size);
+
+int pbes1_extract(const ltc_asn1_list *s, pbes_arg *res);
+int pbes2_extract(const ltc_asn1_list *s, pbes_arg *res);
+
 
 /* tomcrypt_pk.h */
 
@@ -259,6 +294,9 @@ int dsa_int_validate_primes(const dsa_key *key, int *stat);
 #endif /* LTC_MDSA */
 
 #ifdef LTC_DER
+
+#define LTC_ASN1_IS_TYPE(e, t) (((e) != NULL) && ((e)->type == (t)))
+
 /* DER handling */
 int der_decode_custom_type_ex(const unsigned char *in, unsigned long  inlen,
                            ltc_asn1_list *root,
@@ -297,12 +335,22 @@ int x509_decode_subject_public_key_info(const unsigned char *in, unsigned long i
         unsigned int algorithm, void* public_key, unsigned long* public_key_len,
         ltc_asn1_type parameters_type, ltc_asn1_list* parameters, unsigned long *parameters_len);
 
+int pk_oid_cmp_with_ulong(const char *o1, const unsigned long *o2, unsigned long o2size);
 int pk_oid_cmp_with_asn1(const char *o1, const ltc_asn1_list *o2);
 
 #endif /* LTC_DER */
 
 /* tomcrypt_pkcs.h */
 
+#ifdef LTC_PKCS_8
+
+int pkcs8_decode_flexi(const unsigned char  *in,  unsigned long inlen,
+                                    const void  *pwd, unsigned long pwdlen,
+                                 ltc_asn1_list **decoded_list);
+
+#endif  /* LTC_PKCS_8 */
+
+
 #ifdef LTC_PKCS_12
 
 int pkcs12_utf8_to_utf16(const unsigned char *in,  unsigned long  inlen,

src/misc/crypt/crypt.c

@@ -436,6 +436,9 @@ const char *crypt_build_settings =
 #if defined(LTC_PKCS_5)
     " PKCS#5 "
 #endif
+#if defined(LTC_PKCS_8)
+    " PKCS#8 "
+#endif
 #if defined(LTC_PKCS_12)
     " PKCS#12 "
 #endif
@@ -445,6 +448,10 @@ const char *crypt_build_settings =
 #if defined(LTC_HKDF)
     " HKDF "
 #endif
+#if defined(LTC_PBES)
+    " PBES1 "
+    " PBES2 "
+#endif
 #if defined(LTC_DEVRANDOM)
     " LTC_DEVRANDOM "
 #endif

src/misc/pbes/pbes.c

@@ -0,0 +1,83 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+#include "tomcrypt_private.h"
+
+#ifdef LTC_PBES
+
+/**
+   Decrypt Data encrypted via either PBES1 or PBES2
+
+   @param arg        The according PBES parameters
+   @param dec_data   [out] The decrypted data
+   @param dec_size   [in/out] The length of the encrypted resp. decrypted data
+   @return CRYPT_OK on success
+*/
+int pbes_decrypt(const pbes_arg  *arg, unsigned char *dec_data, unsigned long *dec_size)
+{
+   int err, hid = -1, cid = -1;
+   unsigned char k[32], *iv;
+   unsigned long klen, keylen, dlen;
+   long diff;
+   symmetric_CBC cbc;
+
+   LTC_ARGCHK(arg           != NULL);
+   LTC_ARGCHK(arg->type.kdf != NULL);
+   LTC_ARGCHK(dec_data      != NULL);
+   LTC_ARGCHK(dec_size      != NULL);
+
+   hid = find_hash(arg->type.h);
+   if (hid == -1) return CRYPT_INVALID_HASH;
+   cid = find_cipher(arg->type.c);
+   if (cid == -1) return CRYPT_INVALID_CIPHER;
+
+   klen = arg->type.keylen;
+
+   /* RC2 special case */
+   if (arg->key_bits != 0) {
+      /* We can't handle odd lengths of Key Bits */
+      if ((arg->key_bits % 8) != 0) return CRYPT_INVALID_KEYSIZE;
+      /* Internally we use bytes, not bits */
+      klen = arg->key_bits / 8;
+   }
+   keylen = klen;
+
+   if (arg->iv != NULL) {
+      iv = arg->iv->data;
+   } else {
+      iv = k + klen;
+      klen += arg->type.blocklen;
+   }
+
+   if (klen > sizeof(k)) return CRYPT_INVALID_ARG;
+
+   if ((err = arg->type.kdf(arg->pwd, arg->pwdlen, arg->salt->data, arg->salt->size, arg->iterations, hid, k, &klen)) != CRYPT_OK) goto LBL_ERROR;
+   if ((err = cbc_start(cid, iv, k, keylen, 0, &cbc)) != CRYPT_OK) goto LBL_ERROR;
+   if ((err = cbc_decrypt(arg->enc_data->data, dec_data, arg->enc_data->size, &cbc)) != CRYPT_OK) goto LBL_ERROR;
+   if ((err = cbc_done(&cbc)) != CRYPT_OK) goto LBL_ERROR;
+   dlen = arg->enc_data->size;
+   if ((err = padding_depad(dec_data, &dlen, LTC_PAD_PKCS7)) != CRYPT_OK) goto LBL_ERROR;
+   diff = (long)arg->enc_data->size - (long)dlen;
+   if ((diff <= 0) || (diff > cipher_descriptor[cid].block_length)) {
+      err = CRYPT_PK_INVALID_PADDING;
+      goto LBL_ERROR;
+   }
+   *dec_size = dlen;
+   return CRYPT_OK;
+
+LBL_ERROR:
+   zeromem(k, sizeof(k));
+   zeromem(dec_data, *dec_size);
+   return err;
+}
+
+#endif
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */

src/misc/pbes/pbes1.c

@@ -0,0 +1,127 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+#include "tomcrypt_private.h"
+
+#ifdef LTC_PBES
+
+static int _pkcs_5_alg1_wrap(const unsigned char *password, unsigned long password_len,
+                              const unsigned char *salt,     unsigned long salt_len,
+                              int iteration_count,  int hash_idx,
+                              unsigned char *out,   unsigned long *outlen)
+{
+   LTC_UNUSED_PARAM(salt_len);
+   return pkcs_5_alg1(password, password_len, salt, iteration_count, hash_idx, out, outlen);
+}
+
+static int _pkcs_12_wrap(const unsigned char *password, unsigned long password_len,
+                              const unsigned char *salt,     unsigned long salt_len,
+                              int iteration_count,  int hash_idx,
+                              unsigned char *out,   unsigned long *outlen)
+{
+   int err;
+   /* convert password to unicode/utf16-be */
+   unsigned long pwlen = password_len * 2;
+   unsigned char* pw;
+   if (*outlen < 32) return CRYPT_INVALID_ARG;
+   pw = XMALLOC(pwlen + 2);
+   if (pw == NULL) return CRYPT_MEM;
+   if ((err = pkcs12_utf8_to_utf16(password, password_len, pw, &pwlen) != CRYPT_OK)) goto LBL_ERROR;
+   pw[pwlen++] = 0;
+   pw[pwlen++] = 0;
+   /* derive KEY */
+   if ((err = pkcs12_kdf(hash_idx, pw, pwlen, salt, salt_len, iteration_count, 1, out, 24)) != CRYPT_OK) goto LBL_ERROR;
+   /* derive IV */
+   if ((err = pkcs12_kdf(hash_idx, pw, pwlen, salt, salt_len, iteration_count, 2, out+24, 8)) != CRYPT_OK) goto LBL_ERROR;
+
+   *outlen = 32;
+LBL_ERROR:
+   zeromem(pw, pwlen);
+   XFREE(pw);
+   return err;
+}
+
+static const pbes_properties _pbes1_types[] = {
+   { _pkcs_5_alg1_wrap, "md2",   "des",   8, 8 },
+   { _pkcs_5_alg1_wrap, "md2",   "rc2",   8, 8 },
+   { _pkcs_5_alg1_wrap, "md5",   "des",   8, 8 },
+   { _pkcs_5_alg1_wrap, "md5",   "rc2",   8, 8 },
+   { _pkcs_5_alg1_wrap, "sha1",  "des",   8, 8 },
+   { _pkcs_5_alg1_wrap, "sha1",  "rc2",   8, 8 },
+   { _pkcs_12_wrap,     "sha1",  "3des", 24, 8 },
+};
+
+typedef struct {
+   const pbes_properties *data;
+   const char *oid;
+} oid_to_pbes;
+
+static const oid_to_pbes _pbes1_list[] = {
+   { &_pbes1_types[0], "1.2.840.113549.1.5.1"    },  /* http://www.oid-info.com/get/1.2.840.113549.1.5.1    pbeWithMD2AndDES-CBC */
+   { &_pbes1_types[1], "1.2.840.113549.1.5.4"    },  /* http://www.oid-info.com/get/1.2.840.113549.1.5.4    pbeWithMD2AndRC2-CBC */
+   { &_pbes1_types[2], "1.2.840.113549.1.5.3"    },  /* http://www.oid-info.com/get/1.2.840.113549.1.5.3    pbeWithMD5AndDES-CBC */
+   { &_pbes1_types[3], "1.2.840.113549.1.5.6"    },  /* http://www.oid-info.com/get/1.2.840.113549.1.5.6    pbeWithMD5AndRC2-CBC */
+   { &_pbes1_types[4], "1.2.840.113549.1.5.10"   },  /* http://www.oid-info.com/get/1.2.840.113549.1.5.10   pbeWithSHA1AndDES-CBC */
+   { &_pbes1_types[5], "1.2.840.113549.1.5.11"   },  /* http://www.oid-info.com/get/1.2.840.113549.1.5.11   pbeWithSHA1AndRC2-CBC */
+   { &_pbes1_types[6], "1.2.840.113549.1.12.1.3" },  /* http://www.oid-info.com/get/1.2.840.113549.1.12.1.3 pbeWithSHAAnd3-KeyTripleDES-CBC */
+   { 0 },
+};
+
+static int _pbes1_from_oid(const ltc_asn1_list *oid, pbes_properties *res)
+{
+   unsigned int i;
+   for (i = 0; _pbes1_list[i].data != NULL; ++i) {
+      if (pk_oid_cmp_with_asn1(_pbes1_list[i].oid, oid) == CRYPT_OK) {
+         if (res != NULL) *res = *_pbes1_list[i].data;
+         return CRYPT_OK;
+      }
+   }
+   return CRYPT_INVALID_ARG;
+}
+
+/**
+   Extract PBES1 parameters
+
+   @param s     The start of the sequence with potential PBES1 parameters
+   @param res   Pointer to where the extracted parameters should be stored
+   @return CRYPT_OK on success
+*/
+int pbes1_extract(const ltc_asn1_list *s, pbes_arg *res)
+{
+   int err;
+
+   LTC_ARGCHK(s   != NULL);
+   LTC_ARGCHK(res != NULL);
+
+   if ((err = _pbes1_from_oid(s, &res->type)) != CRYPT_OK) return err;
+
+   if (!LTC_ASN1_IS_TYPE(s->next, LTC_ASN1_SEQUENCE) ||
+       !LTC_ASN1_IS_TYPE(s->next->child, LTC_ASN1_OCTET_STRING) ||
+       !LTC_ASN1_IS_TYPE(s->next->child->next, LTC_ASN1_INTEGER)) {
+      return CRYPT_INVALID_PACKET;
+   }
+   /* PBES1: encrypted pkcs8 - pbeWithMD5AndDES-CBC:
+    *  0:d=0  hl=4 l= 329 cons: SEQUENCE
+    *  4:d=1  hl=2 l=  27 cons:   SEQUENCE
+    *  6:d=2  hl=2 l=   9 prim:     OBJECT             :pbeWithMD5AndDES-CBC (== 1.2.840.113549.1.5.3) (== *s)
+    * 17:d=2  hl=2 l=  14 cons:     SEQUENCE           (== *lalgparam)
+    * 19:d=3  hl=2 l=   8 prim:       OCTET STRING     [HEX DUMP]:8EDF749A06CCDE51 (== salt)
+    * 29:d=3  hl=2 l=   2 prim:       INTEGER          :0800  (== iterations)
+    * 33:d=1  hl=4 l= 296 prim:   OCTET STRING         :bytes (== encrypted data)
+    */
+   res->salt = s->next->child;
+   res->iterations = mp_get_int(s->next->child->next->data);
+
+   return CRYPT_OK;
+}
+
+#endif
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */

src/misc/pbes/pbes2.c

@@ -0,0 +1,208 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+#include "tomcrypt_private.h"
+
+#ifdef LTC_PBES
+
+static const char *_oid_pbes2 =  "1.2.840.113549.1.5.13";
+static const char *_oid_pbkdf2 = "1.2.840.113549.1.5.12";
+
+typedef struct {
+   const char *oid;
+   const char *id;
+} oid_id_st;
+
+static const oid_id_st _hmac_oid_names[] = {
+   { "1.2.840.113549.2.7",  "sha1" },
+   { "1.2.840.113549.2.8",  "sha224" },
+   { "1.2.840.113549.2.9",  "sha256" },
+   { "1.2.840.113549.2.10", "sha384" },
+   { "1.2.840.113549.2.11", "sha512" },
+   { "1.2.840.113549.2.12", "sha512-224" },
+   { "1.2.840.113549.2.13", "sha512-256" },
+};
+
+static const pbes_properties _pbes2_default_types[] = {
+   { pkcs_5_alg2, "sha1",   "des",   8, 0 },
+   { pkcs_5_alg2, "sha1",   "rc2",   4, 0 },
+   { pkcs_5_alg2, "sha1",   "3des", 24, 0 },
+   { pkcs_5_alg2, "sha1",   "aes",  16, 0 },
+   { pkcs_5_alg2, "sha1",   "aes",  24, 0 },
+   { pkcs_5_alg2, "sha1",   "aes",  32, 0 },
+};
+
+typedef struct {
+   const pbes_properties *data;
+   const char* oid;
+} oid_to_pbes;
+
+static const oid_to_pbes _pbes2_list[] = {
+   { &_pbes2_default_types[0], "1.3.14.3.2.7"            },  /* http://www.oid-info.com/get/1.3.14.3.2.7            desCBC */
+   { &_pbes2_default_types[1], "1.2.840.113549.3.2"      },  /* http://www.oid-info.com/get/1.2.840.113549.3.2      rc2CBC */
+   { &_pbes2_default_types[2], "1.2.840.113549.3.7"      },  /* http://www.oid-info.com/get/1.2.840.113549.3.7      des-EDE3-CBC */
+   { &_pbes2_default_types[3], "2.16.840.1.101.3.4.1.2"  },  /* http://www.oid-info.com/get/2.16.840.1.101.3.4.1.2  aes128-CBC */
+   { &_pbes2_default_types[4], "2.16.840.1.101.3.4.1.22" },  /* http://www.oid-info.com/get/2.16.840.1.101.3.4.1.22 aes192-CBC */
+   { &_pbes2_default_types[5], "2.16.840.1.101.3.4.1.42" },  /* http://www.oid-info.com/get/2.16.840.1.101.3.4.1.42 aes256-CBC */
+};
+
+static int _pbes2_from_oid(const ltc_asn1_list *cipher_oid, const ltc_asn1_list *hmac_oid, pbes_properties *res)
+{
+   unsigned int i;
+   for (i = 0; i < sizeof(_pbes2_list)/sizeof(_pbes2_list[0]); ++i) {
+      if (pk_oid_cmp_with_asn1(_pbes2_list[i].oid, cipher_oid) == CRYPT_OK) {
+         *res = *_pbes2_list[i].data;
+         break;
+      }
+   }
+   if (res->c == NULL) return CRYPT_INVALID_CIPHER;
+   if (hmac_oid != NULL) {
+      for (i = 0; i < sizeof(_hmac_oid_names)/sizeof(_hmac_oid_names[0]); ++i) {
+         if (pk_oid_cmp_with_asn1(_hmac_oid_names[i].oid, hmac_oid) == CRYPT_OK) {
+            res->h = _hmac_oid_names[i].id;
+            return CRYPT_OK;
+         }
+      }
+      return CRYPT_INVALID_HASH;
+   }
+   return CRYPT_OK;
+}
+
+
+/**
+   Extract PBES2 parameters
+
+   @param s     The start of the sequence with potential PBES2 parameters
+   @param res   Pointer to where the extracted parameters should be stored
+   @return CRYPT_OK on success
+*/
+int pbes2_extract(const ltc_asn1_list *s, pbes_arg *res)
+{
+   unsigned long klen;
+   ltc_asn1_list *lkdf, *lenc, *loptseq, *liter, *lhmac;
+   int err;
+
+   LTC_ARGCHK(s   != NULL);
+   LTC_ARGCHK(res != NULL);
+
+   if ((err = pk_oid_cmp_with_asn1(_oid_pbes2, s)) != CRYPT_OK) return err;
+
+   if (!LTC_ASN1_IS_TYPE(s->next, LTC_ASN1_SEQUENCE) ||
+       !LTC_ASN1_IS_TYPE(s->next->child, LTC_ASN1_SEQUENCE) ||
+       !LTC_ASN1_IS_TYPE(s->next->child->child, LTC_ASN1_OBJECT_IDENTIFIER) ||
+       !LTC_ASN1_IS_TYPE(s->next->child->child->next, LTC_ASN1_SEQUENCE) ||
+       !LTC_ASN1_IS_TYPE(s->next->child->next, LTC_ASN1_SEQUENCE) ||
+       !LTC_ASN1_IS_TYPE(s->next->child->next->child, LTC_ASN1_OBJECT_IDENTIFIER)) {
+      return CRYPT_INVALID_PACKET;
+   }
+   /* PBES2: encrypted pkcs8 - PBES2+PBKDF2+des-ede3-cbc:
+    *  0:d=0  hl=4 l= 380 cons: SEQUENCE
+    *  4:d=1  hl=2 l=  78 cons:   SEQUENCE
+    *  6:d=2  hl=2 l=   9 prim:     OBJECT             :PBES2 (== 1.2.840.113549.1.5.13) (== *s)
+    * 17:d=2  hl=2 l=  65 cons:     SEQUENCE
+    * 19:d=3  hl=2 l=  41 cons:       SEQUENCE
+    * 21:d=4  hl=2 l=   9 prim:         OBJECT         :PBKDF2 (== *lkdf)
+    * 32:d=4  hl=2 l=  28 cons:         SEQUENCE
+    * 34:d=5  hl=2 l=   8 prim:           OCTET STRING [HEX DUMP]:28BA4ABF6AA76A3D (== res->salt)
+    * 44:d=5  hl=2 l=   2 prim:           INTEGER      :0800 (== res->iterations, *liter)
+    * 48:d=5  hl=2 l=  12 cons:           SEQUENCE     (== *loptseq   - this sequence is optional, may be missing)
+    * 50:d=6  hl=2 l=   8 prim:             OBJECT     :hmacWithSHA256 (== *lhmac)
+    * 60:d=6  hl=2 l=   0 prim:             NULL
+    * 62:d=3  hl=2 l=  20 cons:       SEQUENCE
+    * 64:d=4  hl=2 l=   8 prim:         OBJECT         :des-ede3-cbc (== *lenc)
+    * 74:d=4  hl=2 l=   8 prim:         OCTET STRING   [HEX DUMP]:B1404C4688DC9A5A
+    * 84:d=1  hl=4 l= 296 prim:   OCTET STRING         :bytes (== encrypted data)
+    */
+   lkdf = s->next->child->child;
+   lenc = s->next->child->next->child;
+
+   if ((err = pk_oid_cmp_with_asn1(_oid_pbkdf2, lkdf)) != CRYPT_OK) return err;
+
+   if (!LTC_ASN1_IS_TYPE(lkdf->next, LTC_ASN1_SEQUENCE) ||
+       !LTC_ASN1_IS_TYPE(lkdf->next->child, LTC_ASN1_OCTET_STRING) ||
+       !LTC_ASN1_IS_TYPE(lkdf->next->child->next, LTC_ASN1_INTEGER)) {
+      return CRYPT_INVALID_PACKET;
+   }
+
+   liter = lkdf->next->child->next;
+   loptseq = liter->next;
+   res->salt = lkdf->next->child;
+   res->iterations = mp_get_int(liter->data);
+
+   /* There's an optional INTEGER keyLength after the iterations, skip that if it's there.
+    * c.f. RFC 2898 A.2 PBKDF2 */
+   if(LTC_ASN1_IS_TYPE(loptseq, LTC_ASN1_INTEGER)) {
+      loptseq = loptseq->next;
+   }
+
+   /* this sequence is optional */
+   lhmac = NULL;
+   if (LTC_ASN1_IS_TYPE(loptseq, LTC_ASN1_SEQUENCE) &&
+       LTC_ASN1_IS_TYPE(loptseq->child, LTC_ASN1_OBJECT_IDENTIFIER)) {
+      lhmac = loptseq->child;
+   }
+   if ((err = _pbes2_from_oid(lenc, lhmac, &res->type)) != CRYPT_OK) return err;
+
+   if (LTC_ASN1_IS_TYPE(lenc->next, LTC_ASN1_OCTET_STRING)) {
+      /* 'NON-RC2'-CBC */
+      res->iv = lenc->next;
+   } else if (LTC_ASN1_IS_TYPE(lenc->next, LTC_ASN1_SEQUENCE)) {
+      /* RC2-CBC is a bit special ...
+       *
+       * RC2-CBC-Parameter ::= SEQUENCE {
+       *     rc2ParameterVersion INTEGER OPTIONAL,
+       *     iv OCTET STRING (SIZE(8)) }
+       */
+      if (LTC_ASN1_IS_TYPE(lenc->next->child, LTC_ASN1_INTEGER) &&
+          LTC_ASN1_IS_TYPE(lenc->next->child->next, LTC_ASN1_OCTET_STRING)) {
+         klen = mp_get_int(lenc->next->child->data);
+         res->iv   = lenc->next->child->next;
+         /*
+          * Effective Key Bits         Encoding
+          *         40                    160
+          *         64                    120
+          *        128                     58
+          *       b >= 256                  b
+          */
+         switch (klen) {
+            case 160:
+               res->key_bits = 40;
+               break;
+            case 120:
+               res->key_bits = 64;
+               break;
+            case 58:
+               res->key_bits = 128;
+               break;
+            default:
+               /* We don't handle undefined Key Bits */
+               if (klen < 256) return CRYPT_INVALID_KEYSIZE;
+
+               res->key_bits = klen;
+               break;
+         }
+      } else if (LTC_ASN1_IS_TYPE(lenc->next->child, LTC_ASN1_OCTET_STRING)) {
+         res->iv   = lenc->next->child;
+         /*
+          * If the rc2ParameterVersion field is omitted, the "effective key bits"
+          * defaults to 32.
+          */
+         res->key_bits = 32;
+      } else {
+         return CRYPT_INVALID_PACKET;
+      }
+   }
+
+   return CRYPT_OK;
+}
+
+#endif
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */

src/pk/asn1/oid/pk_oid_asn1.c → src/pk/asn1/oid/pk_oid_cmp.c

@@ -11,10 +11,10 @@
 #ifdef LTC_DER
 
 /*
-   Compare an OID string to an OID element decoded from ASN.1.
+   Compare an OID string to an array of `unsigned long`.
    @return CRYPT_OK if equal
 */
-int pk_oid_cmp_with_asn1(const char *o1, const ltc_asn1_list *o2)
+int pk_oid_cmp_with_ulong(const char *o1, const unsigned long *o2, unsigned long o2size)
 {
    unsigned long i;
    char tmp[256] = { 0 };
@@ -22,10 +22,8 @@ int pk_oid_cmp_with_asn1(const char *o1, const ltc_asn1_list *o2)
 
    if (o1 == NULL || o2 == NULL) return CRYPT_ERROR;
 
-   if (o2->type != LTC_ASN1_OBJECT_IDENTIFIER) return CRYPT_INVALID_ARG;
-
    i = sizeof(tmp);
-   if ((err = pk_oid_num_to_str(o2->data, o2->size, tmp, &i)) != CRYPT_OK) {
+   if ((err = pk_oid_num_to_str(o2, o2size, tmp, &i)) != CRYPT_OK) {
       return err;
    }
 
@@ -36,6 +34,19 @@ int pk_oid_cmp_with_asn1(const char *o1, const ltc_asn1_list *o2)
    return CRYPT_OK;
 }
 
+/*
+   Compare an OID string to an OID element decoded from ASN.1.
+   @return CRYPT_OK if equal
+*/
+int pk_oid_cmp_with_asn1(const char *o1, const ltc_asn1_list *o2)
+{
+   if (o1 == NULL || o2 == NULL) return CRYPT_ERROR;
+
+   if (o2->type != LTC_ASN1_OBJECT_IDENTIFIER) return CRYPT_INVALID_ARG;
+
+   return pk_oid_cmp_with_ulong(o1, o2->data, o2->size);
+}
+
 #endif
 
 /* ref:         $Format:%D$ */

src/pk/asn1/pkcs8/pkcs8_decode_flexi.c

@@ -0,0 +1,107 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+#include "tomcrypt_private.h"
+
+#ifdef LTC_PKCS_8
+
+/**
+   PKCS#8 decrypt if necessary & flexi-decode
+
+   @param in            Pointer to the ASN.1 encoded input data
+   @param inlen         Length of the input data
+   @param pwd           Pointer to the password that was used when encrypting
+   @param pwdlen        Length of the password
+   @param decoded_list  Pointer to a pointer for the flexi-decoded list
+   @return CRYPT_OK on success
+*/
+int pkcs8_decode_flexi(const unsigned char  *in,  unsigned long inlen,
+                                const void  *pwd, unsigned long pwdlen,
+                             ltc_asn1_list **decoded_list)
+{
+   unsigned long len = inlen;
+   unsigned long dec_size;
+   unsigned char *dec_data = NULL;
+   ltc_asn1_list *l = NULL;
+   int err;
+
+   LTC_ARGCHK(in           != NULL);
+   LTC_ARGCHK(decoded_list != NULL);
+
+   *decoded_list = NULL;
+   if ((err = der_decode_sequence_flexi(in, &len, &l)) == CRYPT_OK) {
+      /* the following "if" detects whether it is encrypted or not */
+      /* PKCS8 Setup
+       *  0:d=0  hl=4 l= 380 cons: SEQUENCE
+       *  4:d=1  hl=2 l=  78 cons:   SEQUENCE
+       *  6:d=2  hl=2 l=   9 prim:     OBJECT             :OID indicating PBES1 or PBES2 (== *lalgoid)
+       * 17:d=2  hl=2 l=  65 cons:     SEQUENCE
+       *     Stuff in between is dependent on whether it's PBES1 or PBES2
+       * 84:d=1  hl=4 l= 296 prim:   OCTET STRING         :bytes (== encrypted data)
+       */
+      if (l->type == LTC_ASN1_SEQUENCE &&
+          LTC_ASN1_IS_TYPE(l->child, LTC_ASN1_SEQUENCE) &&
+          LTC_ASN1_IS_TYPE(l->child->child, LTC_ASN1_OBJECT_IDENTIFIER) &&
+          LTC_ASN1_IS_TYPE(l->child->child->next, LTC_ASN1_SEQUENCE) &&
+          LTC_ASN1_IS_TYPE(l->child->next, LTC_ASN1_OCTET_STRING)) {
+         ltc_asn1_list *lalgoid = l->child->child;
+         pbes_arg pbes;
+
+         XMEMSET(&pbes, 0, sizeof(pbes));
+
+         if (pbes1_extract(lalgoid, &pbes) == CRYPT_OK) {
+            /* Successfully extracted PBES1 parameters */
+         } else if (pbes2_extract(lalgoid, &pbes) == CRYPT_OK) {
+            /* Successfully extracted PBES2 parameters */
+         } else {
+            /* unsupported encryption */
+            err = CRYPT_INVALID_PACKET;
+            goto LBL_DONE;
+         }
+
+         pbes.enc_data = l->child->next;
+         pbes.pwd = pwd;
+         pbes.pwdlen = pwdlen;
+
+         dec_size = pbes.enc_data->size;
+         if ((dec_data = XMALLOC(dec_size)) == NULL) {
+            err = CRYPT_MEM;
+            goto LBL_DONE;
+         }
+
+         if ((err = pbes_decrypt(&pbes, dec_data, &dec_size)) != CRYPT_OK) goto LBL_DONE;
+
+         der_free_sequence_flexi(l);
+         l = NULL;
+         err = der_decode_sequence_flexi(dec_data, &dec_size, &l);
+         if (err != CRYPT_OK) goto LBL_DONE;
+         *decoded_list = l;
+      }
+      else {
+         /* not encrypted */
+         err = CRYPT_OK;
+         *decoded_list = l;
+      }
+      /* Set l to NULL so it won't be free'd */
+      l = NULL;
+   }
+
+LBL_DONE:
+   if (l) der_free_sequence_flexi(l);
+   if (dec_data) {
+      zeromem(dec_data, dec_size);
+      XFREE(dec_data);
+   }
+   return err;
+}
+
+#endif
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */

src/pk/ecc/ecc_import_pkcs8.c

@@ -0,0 +1,196 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+#include "tomcrypt_private.h"
+
+#ifdef LTC_MECC
+
+typedef struct {
+   ltc_asn1_type t;
+   ltc_asn1_list **pp;
+} der_flexi_check;
+
+#define LTC_SET_DER_FLEXI_CHECK(list, index, Type, P)    \
+   do {                                         \
+      int LTC_SDFC_temp##__LINE__ = (index);   \
+      list[LTC_SDFC_temp##__LINE__].t = Type;  \
+      list[LTC_SDFC_temp##__LINE__].pp = P;    \
+   } while (0)
+
+static int _der_flexi_sequence_cmp(const ltc_asn1_list *flexi, der_flexi_check *check)
+{
+   const ltc_asn1_list *cur;
+   if (flexi->type != LTC_ASN1_SEQUENCE) {
+      return CRYPT_INVALID_PACKET;
+   }
+   cur = flexi->child;
+   while(check->t != LTC_ASN1_EOL) {
+      if (!LTC_ASN1_IS_TYPE(cur, check->t)) {
+         return CRYPT_INVALID_PACKET;
+      }
+      if (check->pp != NULL) *check->pp = (ltc_asn1_list*)cur;
+      cur = cur->next;
+      check++;
+   }
+   return CRYPT_OK;
+}
+
+/* NOTE: _der_decode_pkcs8_flexi & related stuff can be shared with rsa_import_pkcs8() */
+
+int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen,
+                     const void *pwd, unsigned long pwdlen,
+                     ecc_key *key)
+{
+   void          *a, *b, *gx, *gy;
+   unsigned long len, cofactor, n;
+   const char    *pka_ec_oid;
+   int           err;
+   char          OID[256];
+   const ltc_ecc_curve *curve;
+   ltc_asn1_list *p = NULL, *l = NULL;
+   der_flexi_check flexi_should[7];
+   ltc_asn1_list *seq, *priv_key;
+
+   LTC_ARGCHK(in          != NULL);
+   LTC_ARGCHK(key         != NULL);
+   LTC_ARGCHK(ltc_mp.name != NULL);
+
+   /* get EC alg oid */
+   err = pk_get_oid(PKA_EC, &pka_ec_oid);
+   if (err != CRYPT_OK) return err;
+
+   /* init key */
+   err = mp_init_multi(&a, &b, &gx, &gy, NULL);
+   if (err != CRYPT_OK) return err;
+
+
+   if ((err = pkcs8_decode_flexi(in, inlen, pwd, pwdlen, &l)) == CRYPT_OK) {
+
+      /* Setup for basic structure */
+      n=0;
+      LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, NULL);
+      LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_SEQUENCE, &seq);
+      LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_OCTET_STRING, &priv_key);
+      LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL);
+
+      if (((err = _der_flexi_sequence_cmp(l, flexi_should)) == CRYPT_OK) &&
+            (pk_oid_cmp_with_asn1(pka_ec_oid, seq->child) == CRYPT_OK)) {
+         ltc_asn1_list *version, *field, *point, *point_g, *order, *p_cofactor;
+
+         /* Setup for CASE 2 */
+         n=0;
+         LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, &version);
+         LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_SEQUENCE, &field);
+         LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_SEQUENCE, &point);
+         LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_OCTET_STRING, &point_g);
+         LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, &order);
+         LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, &p_cofactor);
+         LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL);
+
+         if (LTC_ASN1_IS_TYPE(seq->child->next, LTC_ASN1_OBJECT_IDENTIFIER)) {
+            /* CASE 1: curve by OID (AKA short variant):
+             *   0:d=0  hl=2 l= 100 cons: SEQUENCE
+             *   2:d=1  hl=2 l=   1 prim:   INTEGER        :00
+             *   5:d=1  hl=2 l=  16 cons:   SEQUENCE       (== *seq)
+             *   7:d=2  hl=2 l=   7 prim:     OBJECT       :id-ecPublicKey
+             *  16:d=2  hl=2 l=   5 prim:     OBJECT       :(== *curve_oid (e.g. secp256k1 (== 1.3.132.0.10)))
+             *  23:d=1  hl=2 l=  77 prim:   OCTET STRING   :bytes (== *priv_key)
+             */
+            ltc_asn1_list *curve_oid = seq->child->next;
+            len = sizeof(OID);
+            if ((err = pk_oid_num_to_str(curve_oid->data, curve_oid->size, OID, &len)) != CRYPT_OK) { goto LBL_DONE; }
+            if ((err = ecc_find_curve(OID, &curve)) != CRYPT_OK)                          { goto LBL_DONE; }
+            if ((err = ecc_set_curve(curve, key)) != CRYPT_OK)                            { goto LBL_DONE; }
+         }
+         else if ((err = _der_flexi_sequence_cmp(seq->child->next, flexi_should)) == CRYPT_OK) {
+            /* CASE 2: explicit curve parameters (AKA long variant):
+             *   0:d=0  hl=3 l= 227 cons: SEQUENCE
+             *   3:d=1  hl=2 l=   1 prim:   INTEGER              :00
+             *   6:d=1  hl=3 l= 142 cons:   SEQUENCE             (== *seq)
+             *   9:d=2  hl=2 l=   7 prim:     OBJECT             :id-ecPublicKey
+             *  18:d=2  hl=3 l= 130 cons:     SEQUENCE
+             *  21:d=3  hl=2 l=   1 prim:       INTEGER          :01
+             *  24:d=3  hl=2 l=  44 cons:       SEQUENCE         (== *field)
+             *  26:d=4  hl=2 l=   7 prim:         OBJECT         :prime-field
+             *  35:d=4  hl=2 l=  33 prim:         INTEGER        :(== *prime / curve.prime)
+             *  70:d=3  hl=2 l=   6 cons:       SEQUENCE         (== *point)
+             *  72:d=4  hl=2 l=   1 prim:         OCTET STRING   :bytes (== curve.A)
+             *  75:d=4  hl=2 l=   1 prim:         OCTET STRING   :bytes (== curve.B)
+             *  78:d=3  hl=2 l=  33 prim:       OCTET STRING     :bytes (== *g_point / curve.G-point)
+             * 113:d=3  hl=2 l=  33 prim:       INTEGER          :(== *order / curve.order)
+             * 148:d=3  hl=2 l=   1 prim:       INTEGER          :(== curve.cofactor)
+             * 151:d=1  hl=2 l=  77 prim:   OCTET STRING         :bytes (== *priv_key)
+             */
+
+            if (mp_get_int(version->data) != 1) {
+               goto LBL_DONE;
+            }
+            cofactor = mp_get_int(p_cofactor->data);
+
+            if (LTC_ASN1_IS_TYPE(field->child, LTC_ASN1_OBJECT_IDENTIFIER) &&
+                LTC_ASN1_IS_TYPE(field->child->next, LTC_ASN1_INTEGER) &&
+                LTC_ASN1_IS_TYPE(point->child, LTC_ASN1_OCTET_STRING) &&
+                LTC_ASN1_IS_TYPE(point->child->next, LTC_ASN1_OCTET_STRING)) {
+
+               ltc_asn1_list *prime = field->child->next;
+               if ((err = mp_read_unsigned_bin(a, point->child->data, point->child->size)) != CRYPT_OK) {
+                  goto LBL_DONE;
+               }
+               if ((err = mp_read_unsigned_bin(b, point->child->next->data, point->child->next->size)) != CRYPT_OK) {
+                  goto LBL_DONE;
+               }
+               if ((err = ltc_ecc_import_point(point_g->data, point_g->size, prime->data, a, b, gx, gy)) != CRYPT_OK) {
+                  goto LBL_DONE;
+               }
+               if ((err = ecc_set_curve_from_mpis(a, b, prime->data, order->data, gx, gy, cofactor, key)) != CRYPT_OK) {
+                  goto LBL_DONE;
+               }
+            }
+         }
+         else {
+            err = CRYPT_INVALID_PACKET;
+            goto LBL_DONE;
+         }
+
+         /* load private key value 'k' */
+         len = priv_key->size;
+         if ((err = der_decode_sequence_flexi(priv_key->data, &len, &p)) == CRYPT_OK) {
+            if (p->type == LTC_ASN1_SEQUENCE &&
+                LTC_ASN1_IS_TYPE(p->child, LTC_ASN1_INTEGER) &&
+                LTC_ASN1_IS_TYPE(p->child->next, LTC_ASN1_OCTET_STRING)) {
+               ltc_asn1_list *lk = p->child->next;
+               if (mp_cmp_d(p->child->data, 1) != LTC_MP_EQ) {
+                  err = CRYPT_INVALID_PACKET;
+                  goto LBL_ECCFREE;
+               }
+               if ((err = ecc_set_key(lk->data, lk->size, PK_PRIVATE, key)) != CRYPT_OK) {
+                  goto LBL_ECCFREE;
+               }
+               goto LBL_DONE; /* success */
+            }
+         }
+      }
+   }
+   err = CRYPT_INVALID_PACKET;
+   goto LBL_DONE;
+
+LBL_ECCFREE:
+   ecc_free(key);
+LBL_DONE:
+   mp_clear_multi(a, b, gx, gy, NULL);
+   if (l) der_free_sequence_flexi(l);
+   if (p) der_free_sequence_flexi(p);
+   return err;
+}
+
+#endif
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */

src/pk/rsa/rsa_import_pkcs8.c

@@ -58,7 +58,7 @@ int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen,
    unsigned long oid[16];
    const char    *rsaoid;
    ltc_asn1_list alg_seq[2], top_seq[3];
-   ltc_asn1_list alg_seq_e[2], key_seq_e[2], top_seq_e[2];
+   ltc_asn1_list *l = NULL;
    unsigned char *decrypted = NULL;
    unsigned long decryptedlen;
 
@@ -83,25 +83,11 @@ int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen,
    if (err != CRYPT_OK) { goto LBL_FREE2; }
 
    /* try to decode encrypted priv key */
-   LTC_SET_ASN1(key_seq_e, 0, LTC_ASN1_OCTET_STRING, buf1, buf1len);
-   LTC_SET_ASN1(key_seq_e, 1, LTC_ASN1_INTEGER, iter, 1UL);
-   LTC_SET_ASN1(alg_seq_e, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, 16UL);
-   LTC_SET_ASN1(alg_seq_e, 1, LTC_ASN1_SEQUENCE, key_seq_e, 2UL);
-   LTC_SET_ASN1(top_seq_e, 0, LTC_ASN1_SEQUENCE, alg_seq_e, 2UL);
-   LTC_SET_ASN1(top_seq_e, 1, LTC_ASN1_OCTET_STRING, buf2, buf2len);
-   err=der_decode_sequence(in, inlen, top_seq_e, 2UL);
-   if (err == CRYPT_OK) {
-      LTC_UNUSED_PARAM(passwd);
-      LTC_UNUSED_PARAM(passwdlen);
-      /* XXX: TODO encrypted pkcs8 not implemented yet */
-      /* fprintf(stderr, "decrypt: iter=%ld salt.len=%ld encdata.len=%ld\n", mp_get_int(iter), key_seq_e[0].size, top_seq_e[1].size); */
-      err = CRYPT_PK_INVALID_TYPE;
+   if ((err = pkcs8_decode_flexi(in, inlen, passwd, passwdlen, &l)) != CRYPT_OK) {
       goto LBL_ERR;
    }
-   else {
-      decrypted    = (unsigned char *)in;
-      decryptedlen = inlen;
-   }
+   decrypted    = l->data;
+   decryptedlen = l->size;
 
    /* try to decode unencrypted priv key */
    LTC_SET_ASN1(alg_seq, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, 16UL);
@@ -136,6 +122,7 @@ int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen,
 LBL_ERR:
    rsa_free(key);
 LBL_FREE2:
+   if (l) der_free_sequence_flexi(l);
    mp_clear_multi(iter, zero, NULL);
    XFREE(buf2);
 LBL_FREE1:

tests/common.c

@@ -100,7 +100,7 @@ int test_process_dir(const char *path, void *ctx, dir_iter_cb process, dir_clean
       return CRYPT_FILE_NOTFOUND;
    while((de = readdir(d)) != NULL) {
       fname[0] = '\0';
-      if (strcmp(de->d_name, ".") == 0 || strcmp(de->d_name, "..") == 0)
+      if (strcmp(de->d_name, ".") == 0 || strcmp(de->d_name, "..") == 0 || strcmp(de->d_name, "README.txt") == 0)
          continue;
       strcat(fname, path);
       strcat(fname, "/");

tests/ecc_test.c

@@ -630,6 +630,26 @@ static int _ecc_import_export(void) {
         openssl req -new -x509 -keyform der -key long_pric.der  -sha512 -subj '/CN=Test Cert EC' -out x509_cert_longc.der  -outform der -days 365000
         openssl req -new -x509 -keyform der -key short_pri.der  -sha512 -subj '/CN=Test Cert EC' -out x509_cert_short.der  -outform der -days 365000
         openssl req -new -x509 -keyform der -key short_pric.der -sha512 -subj '/CN=Test Cert EC' -out x509_cert_shortc.der -outform der -days 365000
+        # pkcs8 without password
+        openssl pkcs8 -topk8 -inform DER -outform DER -nocrypt -in long_pri.der   -out long_pri_pkcs8.der
+        openssl pkcs8 -topk8 -inform DER -outform DER -nocrypt -in long_pric.der  -out long_pric_pkcs8.der
+        openssl pkcs8 -topk8 -inform DER -outform DER -nocrypt -in short_pri.der  -out short_pri_pkcs8.der
+        openssl pkcs8 -topk8 -inform DER -outform DER -nocrypt -in short_pric.der -out short_pric_pkcs8.der
+        # password protected - PBES1
+        openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v1 PBE-MD2-DES     -out long_pri_pkcs8_pbe_md2_des.der
+        openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v1 PBE-MD2-RC2-64  -out long_pri_pkcs8_pbe_md2_rc2_64.der
+        openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v1 PBE-MD5-DES     -out long_pri_pkcs8_pbe_md5_des.der
+        openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v1 PBE-SHA1-RC2-64 -out long_pri_pkcs8_pbe_sha1_rc2_64.der
+        openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v1 PBE-MD5-RC2-64  -out long_pri_pkcs8_pbe_md5_rc2_64.der
+        openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v1 PBE-SHA1-DES    -out long_pri_pkcs8_pbe_sha1_des.der
+        # password protected - PBES2
+        openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v2 rc2  -out long_pri_pkcs8_pbkdf2_rc2_cbc.der
+        openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v2 des  -out long_pri_pkcs8_pbkdf2_des_cbc.der
+        openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v2 des3 -out long_pri_pkcs8_pbkdf2_des_ede3_cbc.der
+        openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v2 des3 -v2prf hmacWithSHA224 -out long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.der
+        openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v2 des3 -v2prf hmacWithSHA256 -out long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.der
+        openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v2 des3 -v2prf hmacWithSHA384 -out long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.der
+        openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v2 des3 -v2prf hmacWithSHA512 -out long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.der
     */
    static const unsigned char long_pri[] = { /* private + long public, explicit curve params */
       0x30, 0x82, 0x01, 0x13, 0x02, 0x01, 0x01, 0x04, 0x20, 0x0c, 0xf1, 0xad, 0x2f, 0x03, 0xf7, 0x91,
@@ -651,6 +671,372 @@ static int _ecc_import_export(void) {
       0x6c, 0x6e, 0x32, 0x5b, 0xf7, 0x63, 0x62, 0x94, 0x24, 0x24, 0xdb, 0xec, 0x3f, 0x8b, 0xe5, 0x6e,
       0x4b, 0x64, 0x37, 0x31, 0x24, 0x79, 0x4d
    };
+   static const unsigned char long_pri_pkcs8[] = { /* private + long public, explicit curve params, PKCS8 */
+      0x30, 0x82, 0x01, 0x23, 0x02, 0x01, 0x00, 0x30, 0x81, 0xae, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce,
+      0x3d, 0x02, 0x01, 0x30, 0x81, 0xa2, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48,
+      0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+      0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2f, 0x30, 0x06, 0x04, 0x01, 0x00, 0x04, 0x01, 0x07, 0x04,
+      0x41, 0x04, 0x79, 0xbe, 0x66, 0x7e, 0xf9, 0xdc, 0xbb, 0xac, 0x55, 0xa0, 0x62, 0x95, 0xce, 0x87,
+      0x0b, 0x07, 0x02, 0x9b, 0xfc, 0xdb, 0x2d, 0xce, 0x28, 0xd9, 0x59, 0xf2, 0x81, 0x5b, 0x16, 0xf8,
+      0x17, 0x98, 0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc, 0x0e, 0x11,
+      0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10,
+      0xd4, 0xb8, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+      0xff, 0xff, 0xff, 0xff, 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, 0xbf, 0xd2, 0x5e,
+      0x8c, 0xd0, 0x36, 0x41, 0x41, 0x02, 0x01, 0x01, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04,
+      0x20, 0x0c, 0xf1, 0xad, 0x2f, 0x03, 0xf7, 0x91, 0x1b, 0xba, 0x03, 0xcf, 0x23, 0x37, 0xc8, 0xf2,
+      0xf7, 0x36, 0xce, 0x65, 0xf1, 0x84, 0x2d, 0x7d, 0x9f, 0x5f, 0x9e, 0x21, 0xd9, 0x5e, 0x49, 0xbd,
+      0x23, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x2a, 0xf9, 0x0b, 0xda, 0xbe, 0x71, 0x66, 0x9e, 0xd1,
+      0xcf, 0x12, 0xd0, 0x24, 0xaf, 0xba, 0xb6, 0x7f, 0xfb, 0x96, 0x27, 0x3e, 0x2f, 0xbd, 0x1e, 0xd5,
+      0xf9, 0x8d, 0x6c, 0x73, 0x9d, 0xc5, 0x16, 0x91, 0xbd, 0xb2, 0xb9, 0x1b, 0x40, 0x10, 0x5a, 0xb7,
+      0x6c, 0x6e, 0x32, 0x5b, 0xf7, 0x63, 0x62, 0x94, 0x24, 0x24, 0xdb, 0xec, 0x3f, 0x8b, 0xe5, 0x6e,
+      0x4b, 0x64, 0x37, 0x31, 0x24, 0x79, 0x4d
+   };
+#if defined(LTC_MD2) && defined(LTC_DES)
+   static const unsigned char long_pri_pkcs8_pbe_md2_des[] = {
+      0x30, 0x82, 0x01, 0x49, 0x30, 0x1b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05,
+      0x01, 0x30, 0x0e, 0x04, 0x08, 0xd8, 0x1c, 0x80, 0xac, 0xd9, 0xfa, 0x9d, 0xbc, 0x02, 0x02, 0x08,
+      0x00, 0x04, 0x82, 0x01, 0x28, 0xe1, 0xd5, 0xa8, 0x9a, 0xa8, 0x23, 0x85, 0x53, 0x18, 0xb3, 0x96,
+      0x67, 0x8d, 0x45, 0x72, 0xf8, 0x69, 0xc4, 0xb1, 0x01, 0x3e, 0x04, 0xf7, 0xf7, 0x5d, 0x07, 0xad,
+      0xec, 0x8e, 0xd6, 0x23, 0x00, 0xe7, 0x59, 0xb0, 0x98, 0xbb, 0xdb, 0x85, 0xdb, 0x59, 0x4d, 0xb5,
+      0x53, 0xb3, 0x32, 0x50, 0x66, 0x75, 0xc4, 0x69, 0x05, 0x07, 0xee, 0xd4, 0xd8, 0x33, 0xcd, 0x4c,
+      0x94, 0xad, 0x82, 0xc7, 0x89, 0x53, 0x65, 0x9f, 0x55, 0x44, 0x95, 0x20, 0xe8, 0x4a, 0xc2, 0xef,
+      0x41, 0xf2, 0x9d, 0xf8, 0x3d, 0x16, 0x8a, 0x6a, 0x4e, 0x85, 0x90, 0xa7, 0xf9, 0xf8, 0xac, 0x16,
+      0x76, 0xf2, 0x29, 0x4b, 0x93, 0xec, 0xd8, 0x17, 0x3f, 0x89, 0x84, 0x79, 0x75, 0x90, 0x5f, 0xc3,
+      0xf2, 0xb8, 0x1a, 0x0a, 0x25, 0xf4, 0xe2, 0x59, 0xe0, 0xea, 0xa6, 0x57, 0xc4, 0x9c, 0xce, 0xfd,
+      0xa8, 0xbc, 0xf6, 0x0d, 0x3a, 0x47, 0x14, 0x9d, 0x6a, 0x92, 0x77, 0xe4, 0xcb, 0x88, 0x6e, 0xfa,
+      0x19, 0xa4, 0x3d, 0x58, 0xdb, 0x5f, 0xc7, 0xad, 0x91, 0x64, 0xb0, 0x1f, 0xe2, 0x66, 0xc5, 0x5a,
+      0x28, 0x21, 0xb0, 0xc1, 0xc8, 0x73, 0x55, 0xd8, 0x43, 0x66, 0x6a, 0x5c, 0xcd, 0xb0, 0x89, 0x60,
+      0x59, 0x31, 0xe0, 0x2f, 0x20, 0x3b, 0x83, 0xdf, 0x27, 0xcf, 0x33, 0xcc, 0xb9, 0xb6, 0xe0, 0xec,
+      0x8b, 0x94, 0x4b, 0xc4, 0x1c, 0x25, 0xba, 0x97, 0x6c, 0x83, 0x22, 0x8c, 0xca, 0x9d, 0xc6, 0xaa,
+      0x74, 0x3f, 0x46, 0xdc, 0xba, 0x7a, 0x36, 0x04, 0xa7, 0xc8, 0x65, 0xb4, 0xf7, 0x14, 0x53, 0x8c,
+      0xff, 0x4d, 0x19, 0xc1, 0xdb, 0xa4, 0xcc, 0x52, 0xc2, 0xd9, 0x38, 0x16, 0x8f, 0xd8, 0x6e, 0x55,
+      0x41, 0xa8, 0xe0, 0x15, 0xd6, 0x2d, 0xa4, 0x37, 0x9f, 0xcc, 0x42, 0x3c, 0xcb, 0xcc, 0x92, 0x04,
+      0xc8, 0xcf, 0xbc, 0x60, 0xfb, 0x45, 0xff, 0x62, 0x74, 0xa1, 0xe9, 0xba, 0x1e, 0x5d, 0x44, 0x6f,
+      0x0e, 0xac, 0xdf, 0xde, 0xb1, 0xbb, 0x47, 0x5e, 0x0c, 0x88, 0x0a, 0x85, 0x0b, 0xa8, 0x9e, 0xcb,
+      0x32, 0x99, 0x8d, 0xb1, 0xdd, 0x12, 0x08, 0xeb, 0x7e, 0x45, 0x70, 0x12, 0xe3
+   };
+#endif
+#if defined(LTC_MD2) && defined(LTC_RC2)
+   static const unsigned char long_pri_pkcs8_pbe_md2_rc2_64[] = {
+      0x30, 0x82, 0x01, 0x49, 0x30, 0x1b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05,
+      0x04, 0x30, 0x0e, 0x04, 0x08, 0xa2, 0x28, 0xb7, 0x2a, 0x08, 0x1c, 0x4a, 0xc4, 0x02, 0x02, 0x08,
+      0x00, 0x04, 0x82, 0x01, 0x28, 0x78, 0x12, 0x02, 0x58, 0x9b, 0xea, 0x77, 0xba, 0x84, 0x20, 0x96,
+      0x63, 0xf0, 0xf3, 0x38, 0x0b, 0x98, 0x53, 0x63, 0x8d, 0xa4, 0x5a, 0xa0, 0xa9, 0x21, 0x93, 0xd0,
+      0x56, 0xc9, 0xd2, 0x67, 0xb2, 0x5e, 0xb5, 0x9f, 0x15, 0x8c, 0x3c, 0x9a, 0xaf, 0x9c, 0xe5, 0x8b,
+      0xe6, 0x61, 0xac, 0xa4, 0x26, 0x75, 0x96, 0xea, 0x73, 0xaf, 0xd6, 0xb7, 0x4c, 0x66, 0x33, 0x98,
+      0x9e, 0x0b, 0xf8, 0xe6, 0x9c, 0xfd, 0x83, 0x0f, 0x55, 0x86, 0x9f, 0xa9, 0xf0, 0x23, 0xcb, 0x80,
+      0xe5, 0x32, 0x50, 0xea, 0x5b, 0x7d, 0xe2, 0x69, 0xc4, 0x6b, 0x61, 0xb2, 0xb8, 0x81, 0xe9, 0x05,
+      0xcb, 0x76, 0xae, 0xa5, 0x37, 0x0f, 0x3c, 0xe6, 0xde, 0x24, 0x6a, 0x9c, 0xf2, 0x0a, 0x28, 0x6a,
+      0xc9, 0xec, 0xef, 0xd7, 0xda, 0xcc, 0xf4, 0x3b, 0x74, 0x36, 0xc5, 0xaf, 0x53, 0xd8, 0xf4, 0x30,
+      0x0b, 0xd4, 0xb6, 0x36, 0xdc, 0x90, 0x4f, 0x83, 0x44, 0x79, 0xea, 0xc9, 0xb7, 0xb2, 0xd0, 0x03,
+      0xa6, 0x63, 0x7e, 0x1d, 0xa8, 0x4e, 0x93, 0x16, 0x7a, 0x4f, 0xd2, 0x8b, 0xd6, 0x78, 0x7d, 0x48,
+      0x41, 0x7c, 0xba, 0xc3, 0x64, 0x6f, 0x11, 0x22, 0x6d, 0x40, 0xb8, 0xc9, 0x03, 0x7a, 0x2c, 0xdf,
+      0x76, 0x78, 0x4f, 0x5f, 0x50, 0x03, 0x7a, 0xaf, 0x78, 0x91, 0xbb, 0x2a, 0xe6, 0x5e, 0x0f, 0xf5,
+      0x60, 0x9e, 0x8a, 0x2f, 0xdb, 0x9e, 0x57, 0xbe, 0xf6, 0x0f, 0x76, 0x6e, 0x44, 0x91, 0x7b, 0x36,
+      0x88, 0x9c, 0xf9, 0xbe, 0x13, 0x3e, 0x6b, 0x85, 0x62, 0xda, 0x1f, 0xf9, 0x73, 0x98, 0x8a, 0x0d,
+      0xdf, 0x11, 0x74, 0x18, 0xe1, 0x1c, 0xd1, 0x3f, 0x02, 0x43, 0xd4, 0x46, 0xe3, 0x8a, 0x3b, 0x6c,
+      0x7f, 0x81, 0xb4, 0xc3, 0x85, 0x4f, 0x89, 0x67, 0x26, 0x5a, 0x08, 0x35, 0x31, 0xd3, 0x15, 0xbb,
+      0xcc, 0x7d, 0x7b, 0x99, 0x41, 0xdb, 0x43, 0xa0, 0x83, 0x84, 0x74, 0x6c, 0x0a, 0x80, 0x46, 0xdc,
+      0xc8, 0x88, 0x87, 0x01, 0x21, 0x19, 0xd4, 0x1e, 0xf4, 0x09, 0x0e, 0x18, 0x31, 0x91, 0x37, 0x35,
+      0x1d, 0x07, 0xaf, 0x87, 0x92, 0x3d, 0xf8, 0xee, 0x6f, 0x87, 0x7b, 0x52, 0x3d
+   };
+#endif
+#if defined(LTC_MD5) && defined(LTC_DES)
+   static const unsigned char long_pri_pkcs8_pbe_md5_des[] = {
+      0x30, 0x82, 0x01, 0x49, 0x30, 0x1b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05,
+      0x03, 0x30, 0x0e, 0x04, 0x08, 0x33, 0xe7, 0xd9, 0xf1, 0x35, 0xd9, 0x74, 0x83, 0x02, 0x02, 0x08,
+      0x00, 0x04, 0x82, 0x01, 0x28, 0x2f, 0x77, 0x7c, 0x48, 0xc9, 0x43, 0x6d, 0xdb, 0xd0, 0x1a, 0xef,
+      0xfb, 0x29, 0x5e, 0x53, 0xa3, 0x52, 0x28, 0x27, 0x76, 0xc2, 0x01, 0x76, 0x5a, 0xea, 0x98, 0xe6,
+      0x72, 0xdf, 0x06, 0xa2, 0xf5, 0xd0, 0x7b, 0x74, 0xe4, 0x6b, 0x98, 0xa6, 0xb5, 0xe1, 0x02, 0xf7,
+      0xab, 0x2c, 0xf1, 0xeb, 0xf4, 0xec, 0xa6, 0xba, 0xd3, 0xd5, 0xb2, 0x26, 0x83, 0xeb, 0xff, 0xc9,
+      0xf8, 0x7b, 0xbf, 0xab, 0xdc, 0xe5, 0xe4, 0x91, 0xd5, 0x48, 0xba, 0x49, 0xcb, 0xc5, 0xf1, 0x71,
+      0x48, 0x1e, 0x96, 0x7c, 0x10, 0xe4, 0xa9, 0x35, 0xa7, 0xe6, 0x82, 0x97, 0x6f, 0xe4, 0x64, 0xd4,
+      0x53, 0xa9, 0xf1, 0x1b, 0x6c, 0x31, 0xa1, 0xc7, 0x12, 0x46, 0x45, 0x6f, 0x45, 0xb2, 0x09, 0x3a,
+      0xfe, 0x35, 0x4e, 0xbf, 0x7d, 0xf8, 0xcf, 0x94, 0x78, 0x0c, 0x78, 0xfb, 0xce, 0xc1, 0x30, 0xcd,
+      0x6d, 0x6b, 0x08, 0x5e, 0xf6, 0xf5, 0x97, 0xff, 0x5e, 0x63, 0x44, 0x36, 0xa5, 0x71, 0x04, 0xe5,
+      0x2d, 0xd9, 0xe3, 0x41, 0x91, 0x09, 0x1e, 0xa3, 0x30, 0xff, 0x12, 0x2a, 0x7a, 0xe1, 0x8f, 0x9c,
+      0x38, 0x13, 0x3d, 0xc3, 0xbb, 0x68, 0xfa, 0xc0, 0xc6, 0x35, 0x77, 0xed, 0xe8, 0x73, 0xca, 0xc3,
+      0x87, 0x62, 0xa9, 0x0e, 0xef, 0xcf, 0x73, 0x3c, 0xb3, 0xa0, 0x1b, 0xb5, 0x5d, 0x72, 0x89, 0x82,
+      0xd4, 0xf6, 0x37, 0x0b, 0x57, 0x8f, 0x48, 0xd4, 0xf1, 0x10, 0xa1, 0xe5, 0x25, 0x90, 0xeb, 0xde,
+      0x8d, 0x2a, 0x9d, 0xfb, 0x7c, 0x0d, 0xdc, 0x38, 0x45, 0x9e, 0xa0, 0x05, 0x98, 0x4e, 0x72, 0x9f,
+      0x3d, 0xde, 0xc7, 0x00, 0xf9, 0xaf, 0xdc, 0x67, 0x47, 0x73, 0xf7, 0xcf, 0x63, 0x80, 0xe3, 0x05,
+      0xb3, 0xda, 0x9f, 0x4b, 0x27, 0xd3, 0x14, 0xc9, 0x62, 0xd5, 0x09, 0xde, 0x4d, 0xe7, 0x21, 0x67,
+      0xfa, 0x10, 0x34, 0x18, 0xbf, 0xde, 0xf7, 0x95, 0x25, 0x6d, 0xba, 0xe4, 0x10, 0xf0, 0x9d, 0x05,
+      0x7b, 0xe4, 0xb5, 0xc0, 0x21, 0xb3, 0x7d, 0xcd, 0x1d, 0x80, 0xd0, 0x10, 0xd4, 0xdb, 0x9f, 0x06,
+      0xd5, 0x86, 0xea, 0x62, 0x96, 0xb7, 0x31, 0x73, 0xde, 0x25, 0xd0, 0xbb, 0xb2
+   };
+#endif
+#if defined(LTC_MD5) && defined(LTC_RC2)
+   static const unsigned char long_pri_pkcs8_pbe_md5_rc2_64[] = {
+      0x30, 0x82, 0x01, 0x49, 0x30, 0x1b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05,
+      0x06, 0x30, 0x0e, 0x04, 0x08, 0x95, 0x82, 0x6d, 0x08, 0xe4, 0x7e, 0xae, 0x5f, 0x02, 0x02, 0x08,
+      0x00, 0x04, 0x82, 0x01, 0x28, 0x93, 0x2c, 0xd8, 0x27, 0xed, 0x13, 0xe1, 0x31, 0xef, 0x7c, 0x44,
+      0x9c, 0xce, 0x85, 0x17, 0x38, 0x5a, 0xe3, 0xd8, 0xe9, 0xfd, 0x1e, 0x81, 0xae, 0x9c, 0xd7, 0x8b,
+      0x11, 0x4e, 0x92, 0x08, 0x3a, 0x97, 0x2c, 0x4f, 0x9a, 0xb7, 0x10, 0xda, 0x6a, 0x06, 0x9e, 0xe2,
+      0xb6, 0x41, 0xf8, 0xb3, 0xd4, 0x42, 0xcc, 0x67, 0xe8, 0x25, 0x76, 0x9a, 0xc2, 0x66, 0x1a, 0x94,
+      0x19, 0x0c, 0xe1, 0x43, 0x27, 0x27, 0x1e, 0xad, 0xfb, 0xce, 0xb7, 0x96, 0xfb, 0x5d, 0x6d, 0xf3,
+      0xe1, 0x73, 0xc5, 0x1c, 0xa0, 0xbe, 0x94, 0x2c, 0xe7, 0x1c, 0x04, 0xa9, 0xfe, 0xdf, 0x15, 0x79,
+      0x0c, 0x5e, 0xf8, 0xe2, 0xb9, 0x4a, 0xa0, 0xc5, 0x89, 0x2c, 0xf8, 0x1d, 0x5f, 0xcc, 0xf0, 0xb6,
+      0xe8, 0x31, 0xeb, 0xe5, 0xb4, 0x9d, 0x2a, 0xa8, 0x8d, 0xff, 0x69, 0xf7, 0x83, 0x65, 0xbb, 0xa2,
+      0xdd, 0xcd, 0x97, 0x41, 0x6e, 0xfa, 0xb6, 0xe1, 0x76, 0x7e, 0xa3, 0x24, 0x9b, 0x23, 0x58, 0x0e,
+      0xeb, 0x08, 0x00, 0x96, 0x53, 0xae, 0x6c, 0xb9, 0xaa, 0x5c, 0x9a, 0xf8, 0xee, 0xcd, 0xfd, 0xe5,
+      0xc5, 0x40, 0x62, 0x58, 0x6d, 0xf0, 0x10, 0xd5, 0x85, 0xeb, 0xed, 0x8a, 0x75, 0xe9, 0x8c, 0x2b,
+      0xe7, 0x39, 0xaf, 0xb1, 0x15, 0xdb, 0x4f, 0xe3, 0xa5, 0x24, 0x1d, 0xd2, 0xae, 0x82, 0x88, 0x1a,
+      0x37, 0x4c, 0x6b, 0x30, 0x9d, 0x6f, 0x93, 0x9c, 0x87, 0x99, 0xd1, 0x1c, 0x93, 0x0c, 0xbb, 0xf9,
+      0x70, 0x36, 0x28, 0x56, 0x68, 0x27, 0x2f, 0x1e, 0xf1, 0x86, 0x0a, 0x23, 0x04, 0xe6, 0x72, 0x1f,
+      0x1b, 0x71, 0x45, 0x0b, 0xe7, 0x74, 0x45, 0x8e, 0x7f, 0x94, 0xbc, 0xcd, 0x6c, 0xf8, 0xf3, 0xed,
+      0x44, 0x02, 0x4d, 0x0a, 0xdd, 0xe9, 0xe4, 0x46, 0x31, 0x94, 0x28, 0x9b, 0x5f, 0x05, 0x37, 0xf4,
+      0x05, 0x9c, 0xa3, 0x9c, 0xdf, 0xb7, 0xfb, 0xab, 0xe0, 0x07, 0x26, 0x40, 0x79, 0x12, 0x9a, 0x78,
+      0xf6, 0xb6, 0x30, 0x3d, 0x4e, 0x16, 0x2e, 0x39, 0x96, 0x98, 0x2a, 0x8c, 0xa7, 0xdb, 0xa0, 0x4a,
+      0x3f, 0x42, 0x30, 0xd3, 0x5d, 0xd0, 0x26, 0xd0, 0xc5, 0xd5, 0xa4, 0x10, 0x10
+   };
+#endif
+#if defined(LTC_SHA1) && defined(LTC_DES)
+   static const unsigned char long_pri_pkcs8_pbe_sha1_des[] = {
+      0x30, 0x82, 0x01, 0x49, 0x30, 0x1b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05,
+      0x0a, 0x30, 0x0e, 0x04, 0x08, 0x7c, 0x01, 0xae, 0xc9, 0x05, 0x43, 0x40, 0x70, 0x02, 0x02, 0x08,
+      0x00, 0x04, 0x82, 0x01, 0x28, 0xff, 0x96, 0x47, 0x56, 0x02, 0xd5, 0xd3, 0x2a, 0xf0, 0x44, 0x47,
+      0x7e, 0x74, 0x28, 0x62, 0x3f, 0x2b, 0xd4, 0xa9, 0xcc, 0x2c, 0xb7, 0x03, 0xc7, 0xa6, 0x39, 0xde,
+      0xc1, 0x46, 0xf1, 0xcd, 0x53, 0xb8, 0x76, 0xcd, 0xb8, 0xfd, 0xe8, 0x96, 0x1d, 0x52, 0xc5, 0xc2,
+      0x33, 0x2c, 0x2e, 0x4a, 0xe1, 0x83, 0x2e, 0x8a, 0x3a, 0x73, 0xfe, 0x50, 0x70, 0xcf, 0x2a, 0x29,
+      0xd5, 0x8a, 0x77, 0x96, 0xa3, 0x29, 0x7e, 0xfa, 0x74, 0xde, 0x78, 0x31, 0xd6, 0x78, 0x0a, 0x4f,
+      0x67, 0x8e, 0x26, 0xc9, 0x64, 0xf3, 0xde, 0xda, 0x5d, 0x15, 0xc2, 0x6b, 0x22, 0x25, 0x9e, 0x98,
+      0x41, 0x71, 0x4c, 0x09, 0x56, 0x90, 0x44, 0x7d, 0x16, 0xab, 0x7e, 0xd3, 0x75, 0x54, 0xbd, 0x88,
+      0x85, 0x4a, 0x01, 0xf4, 0x17, 0x19, 0xe2, 0x43, 0x5f, 0x31, 0xf9, 0x0b, 0x78, 0xd3, 0xb6, 0xc8,
+      0xa0, 0x29, 0x65, 0x86, 0xbc, 0x4b, 0xcb, 0xe2, 0xe8, 0xe7, 0x06, 0xe2, 0x27, 0xa3, 0x6a, 0xdc,
+      0x9f, 0x42, 0x40, 0xc4, 0x38, 0x49, 0x3b, 0x15, 0x28, 0x82, 0x9f, 0xa0, 0x2d, 0x42, 0x30, 0xa9,
+      0x28, 0x84, 0x41, 0x2b, 0xa3, 0xfb, 0xf1, 0x74, 0xa1, 0xfa, 0xff, 0x9d, 0xb6, 0x7e, 0x9b, 0x9f,
+      0xfa, 0xbd, 0x00, 0x17, 0x17, 0xa6, 0xb5, 0x2a, 0x1f, 0x6b, 0x55, 0x6c, 0xd4, 0x4b, 0xbe, 0xbb,
+      0xa5, 0xa7, 0x9f, 0x0c, 0x90, 0x04, 0x91, 0x09, 0x4d, 0x82, 0xe1, 0x67, 0x21, 0x96, 0x3a, 0x3b,
+      0xcf, 0x7f, 0xe9, 0xb9, 0xcc, 0x56, 0xd8, 0xc7, 0xe4, 0x98, 0x30, 0x11, 0x8f, 0xfd, 0xe5, 0xbc,
+      0x5e, 0xc4, 0x60, 0xe9, 0xd4, 0xc6, 0xf2, 0x60, 0xf3, 0xcd, 0x36, 0xa4, 0xe4, 0x6c, 0xfe, 0xbf,
+      0xab, 0xd5, 0x2f, 0x12, 0xf4, 0xa2, 0xf0, 0xeb, 0x10, 0xd9, 0x74, 0xef, 0x7c, 0x37, 0x8d, 0xdd,
+      0xc1, 0xaa, 0x84, 0xf6, 0xf1, 0xb6, 0x5b, 0x43, 0x51, 0x06, 0x78, 0xae, 0x8e, 0x9d, 0xc5, 0xc9,
+      0x26, 0xdc, 0x05, 0xa3, 0x00, 0xfa, 0x4a, 0x27, 0x5f, 0x19, 0xf3, 0x88, 0x2e, 0x01, 0xb8, 0xe7,
+      0x23, 0x37, 0x77, 0xa1, 0xbb, 0xb0, 0x66, 0xe2, 0xba, 0x10, 0x50, 0x06, 0x65
+   };
+#endif
+#if defined(LTC_SHA1) && defined(LTC_RC2)
+   static const unsigned char long_pri_pkcs8_pbe_sha1_rc2_64[] = {
+      0x30, 0x82, 0x01, 0x49, 0x30, 0x1b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05,
+      0x0b, 0x30, 0x0e, 0x04, 0x08, 0x64, 0x3c, 0xdb, 0x86, 0xd9, 0xa0, 0xae, 0x3e, 0x02, 0x02, 0x08,
+      0x00, 0x04, 0x82, 0x01, 0x28, 0x78, 0x85, 0x55, 0x7f, 0x37, 0xb8, 0xf7, 0xff, 0x94, 0x94, 0xf3,
+      0xf2, 0x21, 0x05, 0x6d, 0x75, 0xca, 0x03, 0x1c, 0xa3, 0x9f, 0x47, 0x41, 0x14, 0x57, 0xdd, 0x63,
+      0x71, 0x6c, 0xc2, 0x51, 0x14, 0x4a, 0x0d, 0x63, 0x12, 0xa8, 0x27, 0xf6, 0x3c, 0xb7, 0x47, 0x6d,
+      0xa0, 0x72, 0xfe, 0x60, 0x9f, 0x1c, 0xc8, 0xe4, 0xe5, 0xfe, 0x68, 0x9d, 0x85, 0x0f, 0x8e, 0x52,
+      0x2e, 0x30, 0xd5, 0x81, 0xd8, 0xc9, 0x05, 0x14, 0x1b, 0x1b, 0xf3, 0xbc, 0x95, 0x6d, 0x5d, 0x94,
+      0x71, 0xff, 0xa8, 0xfe, 0xa7, 0x34, 0xff, 0x30, 0xbe, 0x8e, 0xe4, 0x65, 0x6b, 0xd0, 0xa2, 0x43,
+      0x42, 0x14, 0x63, 0x36, 0x6f, 0x5d, 0x79, 0x56, 0x1b, 0x23, 0xd6, 0xdf, 0x39, 0x75, 0x48, 0x07,
+      0xa2, 0x5f, 0x8d, 0x11, 0x7c, 0x95, 0x48, 0x18, 0x2d, 0xdd, 0x92, 0x14, 0x4f, 0xfd, 0x45, 0x7e,
+      0x60, 0x68, 0xde, 0x47, 0x04, 0x0d, 0x0a, 0xa6, 0x3a, 0x30, 0xcb, 0x29, 0xc7, 0x9e, 0x27, 0xc3,
+      0x2d, 0x49, 0xbd, 0x1e, 0xc5, 0xc9, 0xd8, 0xd2, 0x22, 0x72, 0xe2, 0xd0, 0x8e, 0x03, 0xe8, 0x84,
+      0xfd, 0x7e, 0xb8, 0x8a, 0xd7, 0x70, 0x6d, 0x0b, 0xec, 0x67, 0xd0, 0xb3, 0x08, 0x9a, 0x31, 0x32,
+      0x43, 0x1f, 0xa3, 0xd1, 0x6b, 0x3a, 0x63, 0xbc, 0xca, 0x25, 0x1e, 0x55, 0xd7, 0x21, 0x68, 0x77,
+      0xfa, 0x41, 0x70, 0xdc, 0x3a, 0xfb, 0x05, 0x19, 0xd8, 0x8a, 0xe3, 0xe7, 0xfc, 0xf1, 0xc1, 0x0d,
+      0xd4, 0x9e, 0x64, 0xd0, 0x91, 0xa5, 0x4d, 0x7b, 0x8b, 0xd9, 0xee, 0xa7, 0x6b, 0x2b, 0x0f, 0xd9,
+      0xcf, 0xb3, 0xb4, 0x5b, 0x4e, 0xcc, 0xac, 0x53, 0xe5, 0xd3, 0xdd, 0x73, 0x40, 0xa5, 0x35, 0x71,
+      0xeb, 0xca, 0xa7, 0xc0, 0xae, 0x70, 0xdf, 0x14, 0x83, 0xbe, 0xd8, 0x37, 0xfa, 0x8b, 0x14, 0xdb,
+      0x0c, 0x4e, 0x98, 0xc7, 0xe6, 0x40, 0x38, 0x94, 0x69, 0xd4, 0xd4, 0xa9, 0xb5, 0x3f, 0xec, 0xac,
+      0x14, 0x59, 0x46, 0xb5, 0x98, 0xb0, 0x99, 0x89, 0xea, 0xf5, 0x43, 0xb4, 0x47, 0xa9, 0xb1, 0xf2,
+      0x03, 0x2a, 0xaf, 0xd5, 0x5d, 0x81, 0xae, 0x3b, 0xb4, 0x52, 0x11, 0x85, 0xcb
+   };
+#endif
+#if defined(LTC_DES)
+   static const unsigned char long_pri_pkcs8_pbkdf2_des_cbc[] = {
+      0x30, 0x82, 0x01, 0x6b, 0x30, 0x3d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05,
+      0x0d, 0x30, 0x30, 0x30, 0x1b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0c,
+      0x30, 0x0e, 0x04, 0x08, 0xda, 0x6b, 0x0a, 0x58, 0x7e, 0xd2, 0x9d, 0x38, 0x02, 0x02, 0x08, 0x00,
+      0x30, 0x11, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x07, 0x04, 0x08, 0xcc, 0x5c, 0x19, 0x7c, 0xa6,
+      0x0d, 0x01, 0x4b, 0x04, 0x82, 0x01, 0x28, 0x02, 0x9d, 0xec, 0xa4, 0xe1, 0x42, 0xc4, 0xdb, 0x18,
+      0x32, 0x26, 0x96, 0x8b, 0x87, 0x1a, 0xb7, 0x66, 0x8e, 0xfd, 0x23, 0x1e, 0x1e, 0x20, 0x18, 0xcd,
+      0x81, 0x1b, 0x67, 0x86, 0x78, 0xae, 0xb3, 0x70, 0x81, 0xf9, 0x6a, 0x26, 0x4e, 0x31, 0x64, 0xf8,
+      0x7e, 0xbf, 0xf3, 0xd3, 0xea, 0x7c, 0xda, 0x5d, 0x4d, 0xb7, 0xe2, 0xda, 0x9a, 0x80, 0x94, 0xd1,
+      0x65, 0x5f, 0x57, 0x17, 0xbc, 0xac, 0xd3, 0xb4, 0x94, 0xdc, 0xd0, 0x34, 0xe9, 0xed, 0x57, 0x97,
+      0x53, 0xe9, 0x24, 0x21, 0xac, 0x2b, 0xd1, 0xd9, 0x35, 0x7f, 0xf0, 0x79, 0x14, 0xce, 0x96, 0xe2,
+      0x55, 0xfb, 0xb9, 0x6e, 0xeb, 0xbf, 0xc8, 0xf2, 0x66, 0xc1, 0x42, 0xee, 0x94, 0x22, 0xac, 0x6a,
+      0xe2, 0xf6, 0xba, 0xfc, 0xeb, 0xc1, 0xd0, 0xec, 0x3c, 0x16, 0xa4, 0x36, 0x7a, 0xbf, 0xe9, 0x9d,
+      0x39, 0xd6, 0x32, 0x54, 0x3e, 0x86, 0xcf, 0xe4, 0x32, 0x1c, 0xc5, 0x54, 0x3f, 0x8d, 0x6e, 0xb9,
+      0x6c, 0x3d, 0xd7, 0x68, 0xd7, 0x67, 0xdd, 0x04, 0x0e, 0x8c, 0xfd, 0x62, 0x1a, 0x21, 0xa8, 0xcc,
+      0x67, 0xbd, 0x4f, 0x9b, 0x3c, 0x99, 0xd5, 0xa5, 0x98, 0x12, 0x33, 0x04, 0xcf, 0x1b, 0x58, 0x3f,
+      0xb2, 0x70, 0xfe, 0x92, 0xff, 0x7a, 0x73, 0xf9, 0x37, 0xd5, 0x20, 0x0e, 0x49, 0xed, 0xb3, 0x77,
+      0x73, 0x0f, 0x3e, 0xf8, 0x15, 0xc1, 0xfc, 0x28, 0x47, 0x10, 0xe8, 0x30, 0xee, 0xa9, 0x96, 0xcf,
+      0x39, 0xb6, 0x83, 0xe2, 0x84, 0x1d, 0x0e, 0x65, 0xb7, 0x02, 0x08, 0xf7, 0x8d, 0xe7, 0xf2, 0xcc,
+      0x52, 0xc2, 0xe6, 0x1d, 0xf6, 0x96, 0x17, 0x3e, 0x3f, 0xd8, 0x70, 0x8d, 0x2c, 0x62, 0x00, 0xf3,
+      0x32, 0xbd, 0x1c, 0x6b, 0x4a, 0x0c, 0xc6, 0x46, 0x61, 0x92, 0x1c, 0x01, 0x11, 0xbc, 0x55, 0xdd,
+      0x82, 0xd1, 0xbf, 0x2e, 0x1e, 0x97, 0xbe, 0xa7, 0x6e, 0x5a, 0xcd, 0xc6, 0x8f, 0x38, 0x24, 0x8f,
+      0xb8, 0x36, 0x3d, 0x06, 0x82, 0x14, 0x5b, 0x1a, 0x84, 0x1e, 0x47, 0x53, 0x3a, 0x12, 0x21, 0x23,
+      0xbe, 0xe4, 0xf4, 0x57, 0xc7, 0x31, 0x45, 0x24, 0x46, 0x94, 0x53, 0x0b, 0x1d, 0xcd, 0x57
+   };
+#endif
+#if defined(LTC_DES)
+   static const unsigned char long_pri_pkcs8_pbkdf2_des_ede3_cbc[] = {
+      0x30, 0x82, 0x01, 0x6e, 0x30, 0x40, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05,
+      0x0d, 0x30, 0x33, 0x30, 0x1b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0c,
+      0x30, 0x0e, 0x04, 0x08, 0x6a, 0x99, 0x55, 0x06, 0x40, 0xd5, 0xe6, 0xc9, 0x02, 0x02, 0x08, 0x00,
+      0x30, 0x14, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x07, 0x04, 0x08, 0x7f, 0xf2,
+      0xa7, 0xa3, 0x2c, 0xbb, 0x8e, 0x78, 0x04, 0x82, 0x01, 0x28, 0x55, 0x4d, 0xcb, 0xab, 0xb8, 0x6e,
+      0xcf, 0x00, 0xd2, 0xe8, 0x1e, 0x0e, 0xe1, 0x8f, 0x51, 0x8e, 0x32, 0x68, 0xaf, 0x44, 0xa6, 0xf2,
+      0x9e, 0x11, 0xd7, 0x0f, 0xa7, 0xd5, 0x74, 0x77, 0xbc, 0x6b, 0x53, 0x40, 0x70, 0xb6, 0x02, 0xdb,
+      0xa6, 0x2e, 0xc7, 0x20, 0x15, 0x78, 0x91, 0xcc, 0x5b, 0xa7, 0x15, 0x58, 0x65, 0xeb, 0xc7, 0x6f,
+      0xb8, 0x14, 0xc9, 0x5f, 0x89, 0x58, 0xe2, 0xab, 0x69, 0x17, 0xe2, 0xe7, 0xe0, 0xa4, 0x59, 0xb7,
+      0x6a, 0xc2, 0xe5, 0xba, 0x03, 0x0e, 0xcc, 0x0a, 0xb1, 0xf0, 0x69, 0xb2, 0x90, 0xac, 0x30, 0x79,
+      0xd4, 0xa3, 0x90, 0xa2, 0x60, 0x37, 0x7d, 0xf8, 0xd9, 0x49, 0xa3, 0x0b, 0x6d, 0xd9, 0x98, 0x9e,
+      0xb0, 0x6a, 0xad, 0x97, 0x08, 0xf1, 0xfd, 0xec, 0xf8, 0xa7, 0x3c, 0xf6, 0x48, 0x81, 0x5b, 0x6d,
+      0x19, 0xcc, 0xed, 0x49, 0x94, 0x05, 0x6e, 0xa4, 0x9b, 0x58, 0xdd, 0xaf, 0xd7, 0x3d, 0x12, 0xe6,
+      0xf4, 0x12, 0x46, 0xd9, 0x82, 0xde, 0xb7, 0xc4, 0xeb, 0x1c, 0x3a, 0xef, 0x93, 0x82, 0x3d, 0xf8,
+      0x55, 0x88, 0xe5, 0x54, 0xd6, 0x74, 0x1c, 0x20, 0xbd, 0x40, 0x65, 0x99, 0x19, 0x5f, 0x25, 0x62,
+      0x35, 0x6d, 0x32, 0x64, 0xd7, 0xa1, 0x45, 0xa8, 0xc4, 0x8d, 0xe0, 0x6d, 0x14, 0x85, 0x84, 0x75,
+      0x62, 0x0f, 0xb0, 0xe9, 0xb1, 0xca, 0x31, 0x97, 0x22, 0x41, 0xb3, 0xf5, 0xdf, 0x5c, 0xbf, 0x3f,
+      0x4f, 0x01, 0xf8, 0xe7, 0xbc, 0xdc, 0xb2, 0x9a, 0x7d, 0x0c, 0x96, 0x38, 0x48, 0x7a, 0x1b, 0x89,
+      0x2b, 0xab, 0xa6, 0xbd, 0xee, 0x7a, 0xf8, 0x85, 0x82, 0x80, 0x8c, 0x3b, 0x05, 0x3c, 0x40, 0x69,
+      0x97, 0x0a, 0x4c, 0x45, 0xae, 0x38, 0x22, 0xc5, 0x95, 0xf2, 0x4f, 0x0c, 0xd5, 0x54, 0x23, 0x92,
+      0x9b, 0x06, 0x81, 0xca, 0xa5, 0x1e, 0x91, 0x7e, 0x2b, 0x85, 0xb4, 0xd4, 0xeb, 0xb6, 0xee, 0x22,
+      0x10, 0x72, 0xaf, 0x9e, 0x6d, 0xcc, 0x16, 0x24, 0x01, 0x44, 0x48, 0xaa, 0xc9, 0xf8, 0x38, 0x72,
+      0x7a, 0x35, 0x94, 0x20, 0x58, 0xa2, 0x1c, 0x81, 0xaf, 0x47, 0x3b, 0xb8, 0x23, 0xbb, 0x71, 0x09,
+      0xbf, 0x93
+   };
+#endif
+#if defined(LTC_RC2)
+   static const unsigned char long_pri_pkcs8_pbkdf2_rc2_cbc[] = {
+      0x30, 0x82, 0x01, 0x76, 0x30, 0x48, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05,
+      0x0d, 0x30, 0x3b, 0x30, 0x1e, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0c,
+      0x30, 0x11, 0x04, 0x08, 0xbf, 0xef, 0x1a, 0x42, 0x5d, 0xc3, 0x6b, 0x0f, 0x02, 0x02, 0x08, 0x00,
+      0x02, 0x01, 0x10, 0x30, 0x19, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x02, 0x30,
+      0x0d, 0x02, 0x01, 0x3a, 0x04, 0x08, 0xfe, 0xf2, 0x09, 0x0c, 0xa4, 0xd0, 0xe6, 0x83, 0x04, 0x82,
+      0x01, 0x28, 0x61, 0x18, 0x73, 0xb7, 0x9d, 0x58, 0xc8, 0x4a, 0xf4, 0x24, 0xec, 0xb4, 0xe6, 0x24,
+      0xa7, 0xf0, 0x1e, 0xea, 0xc3, 0x57, 0x44, 0xb7, 0x5a, 0x77, 0xe5, 0x3c, 0x1c, 0x6a, 0x6b, 0x70,
+      0x6e, 0x64, 0x35, 0xa5, 0x5d, 0x32, 0xe3, 0xce, 0xe8, 0x79, 0xa4, 0x7f, 0x2b, 0xfc, 0xcb, 0x07,
+      0x62, 0xcd, 0xc9, 0x15, 0x30, 0xdf, 0x69, 0xae, 0xe8, 0xb4, 0x83, 0xec, 0x2a, 0xaf, 0xb3, 0x29,
+      0x92, 0x77, 0xf3, 0x31, 0x4d, 0x5f, 0xcb, 0xea, 0xa2, 0x4d, 0xfb, 0xa1, 0x68, 0xbe, 0x00, 0x01,
+      0x6d, 0x3f, 0xc6, 0xc1, 0x13, 0xee, 0xb0, 0x5a, 0x52, 0xce, 0xdc, 0x12, 0xf8, 0x42, 0x22, 0x2f,
+      0x57, 0x2e, 0x54, 0xac, 0x48, 0x31, 0x4d, 0x3c, 0xa1, 0x97, 0x5e, 0x17, 0x74, 0x88, 0x9b, 0x31,
+      0x91, 0x69, 0x00, 0x00, 0x15, 0x2c, 0xc2, 0xac, 0x70, 0x84, 0x9c, 0x7e, 0x5d, 0xc9, 0xee, 0x06,
+      0xcc, 0x38, 0x9d, 0x7d, 0xea, 0x71, 0xc3, 0x4f, 0x99, 0x08, 0xde, 0xb0, 0x1b, 0x3b, 0x2a, 0xbd,
+      0x7e, 0x01, 0x3b, 0x5e, 0xe5, 0xc2, 0x54, 0xf2, 0x30, 0xe5, 0xa0, 0xf3, 0x69, 0x87, 0x77, 0xed,
+      0xa1, 0x37, 0x76, 0x6a, 0xec, 0xe2, 0x9c, 0x8d, 0x4c, 0xe9, 0xf4, 0xd0, 0xca, 0xb5, 0x8f, 0xd0,
+      0x63, 0x17, 0x41, 0xcb, 0x29, 0x58, 0x4f, 0x2a, 0xd1, 0xe1, 0x03, 0x73, 0x09, 0xcc, 0x93, 0xc6,
+      0xde, 0x1e, 0x34, 0x0f, 0xb3, 0x67, 0xfd, 0x5e, 0x49, 0x16, 0x84, 0x84, 0x6a, 0x8f, 0x55, 0x22,
+      0x0b, 0xe4, 0xd8, 0xee, 0x2e, 0x9f, 0x25, 0x19, 0x89, 0x19, 0xe6, 0x8d, 0x64, 0x31, 0x38, 0x68,
+      0xfa, 0x40, 0x84, 0xca, 0x39, 0xef, 0x1a, 0x4a, 0xe9, 0x04, 0xee, 0xcc, 0x4a, 0xea, 0x19, 0x96,
+      0xa4, 0xcd, 0x62, 0x76, 0xb3, 0xc4, 0x2c, 0x23, 0x75, 0x24, 0xcd, 0x49, 0xe2, 0x17, 0x81, 0x45,
+      0x24, 0x55, 0xeb, 0xe1, 0xb4, 0xeb, 0xda, 0xc5, 0x56, 0xac, 0xfa, 0x30, 0xbd, 0x05, 0xbb, 0x03,
+      0x65, 0x50, 0xdc, 0xbf, 0xdf, 0xff, 0x2a, 0x80, 0x85, 0x6d, 0x6a, 0x5c, 0x93, 0xb8, 0x81, 0xc4,
+      0xca, 0x91, 0x08, 0x7b, 0x8a, 0x9d, 0xe9, 0x2d, 0xfc, 0x3b
+   };
+#endif
+#if defined(LTC_SHA224) && defined(LTC_DES)
+   static const unsigned char long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc[] = {
+      0x30, 0x82, 0x01, 0x7c, 0x30, 0x4e, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05,
+      0x0d, 0x30, 0x41, 0x30, 0x29, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0c,
+      0x30, 0x1c, 0x04, 0x08, 0xb2, 0x82, 0x71, 0xc5, 0xd6, 0x3c, 0x2b, 0x92, 0x02, 0x02, 0x08, 0x00,
+      0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x08, 0x05, 0x00, 0x30, 0x14,
+      0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x07, 0x04, 0x08, 0x4a, 0x46, 0x2a, 0xa9,
+      0xd5, 0x9f, 0x79, 0xea, 0x04, 0x82, 0x01, 0x28, 0xc4, 0x27, 0x05, 0xa8, 0x01, 0xa7, 0xc9, 0x0d,
+      0x0e, 0x74, 0x06, 0x4a, 0xb8, 0x07, 0x9f, 0x7b, 0x0f, 0x82, 0xfd, 0x2c, 0xb5, 0x4f, 0x63, 0xed,
+      0xed, 0x86, 0x96, 0x79, 0x08, 0x2d, 0x5f, 0x6d, 0x8c, 0x83, 0xc9, 0xcc, 0xd4, 0x9b, 0x0a, 0x81,
+      0x60, 0x22, 0x09, 0xb9, 0x12, 0xca, 0xf1, 0xad, 0x61, 0x22, 0xf0, 0x6b, 0xdb, 0x52, 0x99, 0xae,
+      0x70, 0x2b, 0x61, 0x63, 0xdc, 0x2f, 0xc1, 0xd3, 0xb5, 0x28, 0xbb, 0xa1, 0xd2, 0xb7, 0xaf, 0xbb,
+      0x86, 0xa1, 0x1b, 0x46, 0x0a, 0xc9, 0xab, 0x44, 0xd2, 0x9c, 0x16, 0x18, 0x8b, 0x4a, 0x92, 0x56,
+      0x5b, 0x50, 0x39, 0x1b, 0x88, 0x50, 0x92, 0x35, 0xb8, 0x85, 0xc3, 0xaa, 0x56, 0x76, 0xde, 0xbf,
+      0x68, 0x91, 0x2e, 0xc8, 0x28, 0x29, 0xd8, 0x71, 0x60, 0xe3, 0xf0, 0x5a, 0x66, 0x85, 0xdd, 0x6b,
+      0x5c, 0xaf, 0xf1, 0x28, 0xf8, 0xdc, 0xa7, 0x8d, 0xc4, 0x9b, 0xcb, 0xb2, 0x99, 0x34, 0x4d, 0x76,
+      0xa0, 0x8b, 0xf2, 0x18, 0x8e, 0x42, 0xe0, 0x79, 0xc3, 0xeb, 0x0f, 0x00, 0xe7, 0xbe, 0x83, 0xdf,
+      0xba, 0xa5, 0xf1, 0x81, 0x05, 0x1c, 0xc9, 0xda, 0xea, 0xe1, 0xc4, 0x38, 0x24, 0x1e, 0xcf, 0xea,
+      0x22, 0x05, 0x75, 0x43, 0xfe, 0xfe, 0x14, 0xf7, 0x6d, 0x41, 0x67, 0xcf, 0xfd, 0x57, 0xa7, 0xfc,
+      0x22, 0x03, 0x14, 0xc1, 0xf6, 0x4d, 0x40, 0x4e, 0xf1, 0xec, 0x72, 0xec, 0x3c, 0xb1, 0x87, 0x44,
+      0xe9, 0x72, 0xc5, 0x8b, 0x48, 0xd9, 0x98, 0x08, 0x55, 0xc5, 0x40, 0x26, 0xf5, 0x8d, 0x73, 0x5e,
+      0x35, 0x98, 0x71, 0x09, 0x98, 0xfa, 0xb7, 0x1c, 0x35, 0xcd, 0xd4, 0xf1, 0x65, 0xb4, 0x59, 0xdb,
+      0x9e, 0x79, 0xe7, 0x21, 0x99, 0xd7, 0x9e, 0x8c, 0x13, 0x77, 0x0c, 0x5e, 0xae, 0x43, 0x82, 0xf1,
+      0x83, 0x79, 0x7d, 0x37, 0x51, 0xde, 0x65, 0x26, 0x1f, 0x8f, 0x81, 0x1c, 0x55, 0x40, 0xec, 0xaf,
+      0x3f, 0x0a, 0x68, 0xd2, 0xc7, 0x59, 0x47, 0xda, 0x78, 0x0c, 0x0e, 0x59, 0x6a, 0x93, 0xcd, 0x05,
+      0x09, 0x51, 0x47, 0xb1, 0x45, 0x3f, 0x67, 0xf8, 0x76, 0x50, 0x76, 0xa3, 0x2d, 0x31, 0x17, 0x73
+   };
+#endif
+#if defined(LTC_SHA256) && defined(LTC_DES)
+   static const unsigned char long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc[] = {
+      0x30, 0x82, 0x01, 0x7c, 0x30, 0x4e, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05,
+      0x0d, 0x30, 0x41, 0x30, 0x29, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0c,
+      0x30, 0x1c, 0x04, 0x08, 0x93, 0x6e, 0x0a, 0x02, 0x8e, 0x72, 0xac, 0x98, 0x02, 0x02, 0x08, 0x00,
+      0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x09, 0x05, 0x00, 0x30, 0x14,
+      0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x07, 0x04, 0x08, 0x89, 0xa4, 0xc9, 0xd9,
+      0x82, 0xfa, 0x02, 0x76, 0x04, 0x82, 0x01, 0x28, 0xec, 0xd9, 0xee, 0xbf, 0xfa, 0xe6, 0x51, 0xdb,
+      0x02, 0xcb, 0xf3, 0x2c, 0x55, 0xdb, 0x83, 0x90, 0x5d, 0x9e, 0xf6, 0xbe, 0x10, 0xae, 0x35, 0x8c,
+      0x22, 0x39, 0xfc, 0xf9, 0xd1, 0x23, 0x27, 0x68, 0xd3, 0x15, 0x46, 0xed, 0x5d, 0x15, 0xfb, 0xdf,
+      0x6f, 0xe1, 0x01, 0x1c, 0xed, 0x4c, 0xfc, 0x78, 0x94, 0x47, 0x71, 0x92, 0xbc, 0xa1, 0xa6, 0x06,
+      0x74, 0x22, 0xcc, 0xbb, 0x49, 0x98, 0x43, 0xf1, 0xc2, 0xde, 0x4e, 0xeb, 0x56, 0x0e, 0x03, 0xc1,
+      0xf1, 0xc1, 0x80, 0x4b, 0x70, 0xd0, 0x8f, 0xf3, 0xd8, 0x18, 0x08, 0x41, 0x7a, 0xf9, 0x8b, 0x74,
+      0xe5, 0x28, 0x61, 0x77, 0x2f, 0x84, 0xb3, 0xb3, 0x68, 0xce, 0x19, 0xf0, 0xc6, 0xa9, 0xc1, 0x29,
+      0x96, 0xca, 0x3b, 0xdb, 0x13, 0x99, 0x86, 0xbe, 0x21, 0x0d, 0x00, 0xd7, 0x30, 0x15, 0x74, 0xfb,
+      0x43, 0xf7, 0x14, 0x97, 0x6d, 0xed, 0xeb, 0xe3, 0x4d, 0x67, 0x80, 0x35, 0x03, 0x69, 0x0d, 0xbe,
+      0xf1, 0x99, 0x6b, 0x53, 0xb7, 0xa3, 0xdf, 0xf4, 0xc3, 0xda, 0x20, 0x9b, 0xbf, 0xf9, 0x3f, 0x19,
+      0xae, 0xd5, 0x37, 0x91, 0x36, 0x42, 0xf3, 0x7d, 0xad, 0x40, 0x3c, 0x2a, 0x7f, 0x2d, 0xf1, 0x79,
+      0xee, 0x4c, 0x08, 0x3a, 0xd6, 0x35, 0x9b, 0xc9, 0xff, 0xd8, 0x41, 0x41, 0xd1, 0xc6, 0xa1, 0xba,
+      0x4d, 0xc6, 0xb7, 0x85, 0x05, 0xa1, 0x8e, 0xeb, 0xd1, 0xd2, 0x3a, 0x13, 0xd7, 0xbd, 0xb0, 0x02,
+      0xfe, 0x54, 0xfe, 0xf4, 0xfd, 0x31, 0x0c, 0x42, 0x78, 0xb9, 0x17, 0x90, 0x36, 0x17, 0xb8, 0x1a,
+      0x08, 0xe8, 0x7e, 0x5f, 0xbb, 0x30, 0xc2, 0xec, 0xd5, 0x08, 0xbc, 0xae, 0x2f, 0xe0, 0xca, 0xf2,
+      0x44, 0x2c, 0xa4, 0xb5, 0xec, 0xb9, 0xc2, 0xa3, 0x4a, 0x1a, 0x49, 0xfb, 0x3e, 0x5c, 0xb5, 0xd8,
+      0xb6, 0xf0, 0xbc, 0xa2, 0xda, 0xaa, 0x7a, 0x05, 0x4d, 0x06, 0xc0, 0x4b, 0x8f, 0x59, 0xce, 0x56,
+      0x02, 0x26, 0xb2, 0xa0, 0x5f, 0x74, 0xbb, 0x0b, 0x01, 0x1c, 0xb2, 0x0b, 0x8a, 0x80, 0xa4, 0x5d,
+      0x6e, 0x52, 0x24, 0xd0, 0xbe, 0xf5, 0x8e, 0x9e, 0x9e, 0x02, 0x40, 0x08, 0x99, 0xe0, 0x2c, 0xf9
+   };
+#endif
+#if defined(LTC_SHA384) && defined(LTC_DES)
+   static const unsigned char long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc[] = {
+      0x30, 0x82, 0x01, 0x7c, 0x30, 0x4e, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05,
+      0x0d, 0x30, 0x41, 0x30, 0x29, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0c,
+      0x30, 0x1c, 0x04, 0x08, 0xfd, 0x6c, 0xdf, 0x0b, 0x23, 0xed, 0x71, 0xf7, 0x02, 0x02, 0x08, 0x00,
+      0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x0a, 0x05, 0x00, 0x30, 0x14,
+      0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x07, 0x04, 0x08, 0x99, 0xd0, 0x84, 0x7d,
+      0x6d, 0x4e, 0x82, 0xe1, 0x04, 0x82, 0x01, 0x28, 0xac, 0x9a, 0x2c, 0x71, 0xdf, 0x1a, 0x19, 0x38,
+      0xee, 0xc4, 0x9d, 0x7a, 0x27, 0xe0, 0xb9, 0x69, 0x32, 0xed, 0xe7, 0xa1, 0x77, 0x16, 0x60, 0x18,
+      0x7a, 0xf1, 0x47, 0xc1, 0x98, 0x48, 0xa4, 0xff, 0xab, 0x83, 0x1a, 0x7d, 0xe3, 0xdb, 0xcc, 0xf0,
+      0x40, 0x94, 0x3a, 0x6a, 0x3f, 0xf7, 0x88, 0x19, 0x59, 0xf4, 0xd8, 0x1b, 0x87, 0x14, 0x5b, 0x9c,
+      0x1f, 0xc5, 0xaf, 0x80, 0xe8, 0x06, 0xdb, 0xfa, 0x2c, 0xac, 0x61, 0x1c, 0xec, 0xec, 0x99, 0x5e,
+      0x06, 0x6e, 0x68, 0x4c, 0xb0, 0xc8, 0x6f, 0x74, 0x2c, 0x1e, 0x58, 0x2f, 0x49, 0x82, 0xa4, 0x2b,
+      0xb4, 0x4a, 0x2d, 0x77, 0x13, 0x87, 0xed, 0xbd, 0x71, 0x5a, 0x29, 0x29, 0x0c, 0x88, 0x4a, 0xf3,
+      0x76, 0x37, 0x7e, 0x04, 0x3c, 0x45, 0x76, 0x98, 0x22, 0x20, 0x97, 0xef, 0xae, 0x4a, 0xa9, 0x08,
+      0x54, 0xef, 0x43, 0xe0, 0x86, 0x54, 0x72, 0x44, 0xd1, 0x25, 0x9c, 0xb6, 0x7d, 0x88, 0xbd, 0x8f,
+      0xbe, 0xcb, 0xa8, 0x63, 0xfe, 0x66, 0x54, 0xa2, 0xce, 0x77, 0x19, 0x7e, 0xdd, 0xf7, 0x4d, 0xdc,
+      0xb1, 0xf7, 0xbf, 0x3c, 0xb5, 0xd2, 0x30, 0x9d, 0x3c, 0x35, 0x09, 0x37, 0xae, 0xae, 0x0f, 0x0b,
+      0x9d, 0xf5, 0x10, 0xae, 0x56, 0x83, 0x4f, 0xd8, 0xcd, 0xfe, 0xb7, 0xa9, 0x54, 0xf9, 0xb3, 0x89,
+      0xf6, 0x9a, 0x11, 0x60, 0x04, 0x4d, 0x80, 0xaf, 0x74, 0x73, 0x2d, 0xc4, 0x24, 0x23, 0xaa, 0x50,
+      0x4c, 0xf1, 0xd6, 0x2d, 0xc6, 0x74, 0xeb, 0x62, 0x02, 0xda, 0x81, 0x68, 0xc8, 0x68, 0xf0, 0x82,
+      0x71, 0xb2, 0xa5, 0x8e, 0x45, 0x93, 0x29, 0x94, 0x8f, 0xec, 0x11, 0x65, 0xcc, 0xd6, 0x4c, 0x2e,
+      0x0d, 0x4e, 0x45, 0xb4, 0x4e, 0x97, 0x38, 0xd0, 0xc2, 0x61, 0x43, 0x78, 0xa4, 0x08, 0x0a, 0x58,
+      0x3f, 0x66, 0xdb, 0x34, 0x42, 0x17, 0x42, 0x92, 0x04, 0x9a, 0x2d, 0x73, 0xaf, 0x58, 0x38, 0xc8,
+      0x3f, 0x5b, 0x83, 0x95, 0x3d, 0xae, 0xae, 0x60, 0x2b, 0x6d, 0xd9, 0xb4, 0xe3, 0x97, 0x6b, 0x49,
+      0xef, 0xd9, 0x68, 0xbb, 0x8d, 0x3a, 0x7e, 0xcb, 0x57, 0x33, 0xf5, 0x1a, 0x8d, 0xb4, 0x6d, 0xfb
+   };
+#endif
+#if defined(LTC_SHA512) && defined(LTC_DES)
+   static const unsigned char long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc[] = {
+      0x30, 0x82, 0x01, 0x7c, 0x30, 0x4e, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05,
+      0x0d, 0x30, 0x41, 0x30, 0x29, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0c,
+      0x30, 0x1c, 0x04, 0x08, 0xad, 0xb1, 0xe1, 0x21, 0xdc, 0xe5, 0x09, 0xee, 0x02, 0x02, 0x08, 0x00,
+      0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x0b, 0x05, 0x00, 0x30, 0x14,
+      0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x07, 0x04, 0x08, 0x1a, 0x8b, 0x81, 0x3b,
+      0x97, 0x7d, 0xfa, 0x51, 0x04, 0x82, 0x01, 0x28, 0x6d, 0x6f, 0x93, 0x77, 0xcb, 0x52, 0x2d, 0x3b,
+      0x82, 0x12, 0x80, 0xce, 0x9e, 0x69, 0x03, 0xe4, 0x64, 0xa1, 0x4b, 0x8e, 0x60, 0x51, 0x4d, 0x08,
+      0xe1, 0x25, 0x5d, 0xe6, 0xed, 0x20, 0x23, 0x4c, 0x4e, 0xa3, 0xe8, 0xab, 0x7a, 0xf8, 0x54, 0x65,
+      0x22, 0x92, 0x0c, 0x45, 0xab, 0x1c, 0xe2, 0x68, 0x4e, 0xf3, 0xa9, 0x61, 0xd6, 0x44, 0x9d, 0x55,
+      0x19, 0xc6, 0xd9, 0x2a, 0x0d, 0x45, 0x7d, 0xca, 0xa4, 0x41, 0xb5, 0x6d, 0xd5, 0x09, 0xf2, 0xb6,
+      0x81, 0x95, 0x64, 0xdb, 0x2b, 0xed, 0x83, 0x6b, 0x44, 0xa6, 0xce, 0x36, 0x8d, 0x23, 0x89, 0xb6,
+      0xf3, 0xb0, 0xe0, 0xcf, 0x57, 0x72, 0xc7, 0x61, 0x3f, 0x29, 0xb9, 0xea, 0xe8, 0x7a, 0xca, 0x43,
+      0x90, 0x79, 0x81, 0x8a, 0xe2, 0x3c, 0xd1, 0xa6, 0xd9, 0x09, 0xd8, 0x7d, 0xd0, 0x90, 0x69, 0x7e,
+      0xdd, 0x40, 0xde, 0xba, 0x11, 0xc6, 0x6f, 0x75, 0xfc, 0xc3, 0x99, 0x43, 0xd2, 0xa4, 0x16, 0x2e,
+      0x95, 0x99, 0x12, 0x77, 0xe8, 0x86, 0x9a, 0xf9, 0x97, 0xf4, 0x43, 0x99, 0x1d, 0x7b, 0xe0, 0x69,
+      0xb0, 0xe9, 0x45, 0xd0, 0x0b, 0xaa, 0xd0, 0xa9, 0x90, 0x85, 0x39, 0xd9, 0xe0, 0xe4, 0xe5, 0xf3,
+      0xcf, 0xb6, 0x60, 0x63, 0x51, 0x0b, 0xd8, 0x3d, 0xa2, 0x0f, 0xf6, 0x53, 0x09, 0x2e, 0x11, 0xc4,
+      0xe6, 0xe3, 0xfa, 0xfb, 0x9f, 0x4d, 0xf4, 0xef, 0xb2, 0xf6, 0x9b, 0xc6, 0xb3, 0x75, 0x66, 0xfd,
+      0x1b, 0x44, 0xba, 0x3c, 0xa8, 0x51, 0xbe, 0x97, 0xf1, 0x54, 0xb5, 0xcc, 0x6f, 0x5f, 0x1d, 0x9b,
+      0xee, 0xed, 0x7a, 0x82, 0xfa, 0x40, 0x39, 0xa7, 0xf5, 0x8e, 0x5e, 0x42, 0xfa, 0x37, 0xcc, 0xe8,
+      0x99, 0x38, 0xc1, 0xab, 0x83, 0xb8, 0x3c, 0x25, 0x17, 0x5f, 0xb7, 0x45, 0x0f, 0xcd, 0xec, 0x2a,
+      0x47, 0x07, 0x02, 0xba, 0x92, 0xc1, 0x79, 0xf1, 0x95, 0xc7, 0x83, 0x46, 0xd7, 0x9e, 0x04, 0x96,
+      0x3c, 0x5d, 0x7e, 0x70, 0xe6, 0x2b, 0x72, 0x70, 0x42, 0x66, 0x17, 0x0e, 0xc3, 0xcf, 0x32, 0x28,
+      0x0c, 0xf9, 0x46, 0x38, 0xb7, 0x64, 0xd6, 0x51, 0xf9, 0xbd, 0x57, 0xf2, 0x7a, 0xcc, 0x02, 0xe3
+   };
+#endif
    static const unsigned char long_pric[] = { /* private + compressed public, explicit curve params */
       0x30, 0x81, 0xd3, 0x02, 0x01, 0x01, 0x04, 0x20, 0x0c, 0xf1, 0xad, 0x2f, 0x03, 0xf7, 0x91, 0x1b,
       0xba, 0x03, 0xcf, 0x23, 0x37, 0xc8, 0xf2, 0xf7, 0x36, 0xce, 0x65, 0xf1, 0x84, 0x2d, 0x7d, 0x9f,
@@ -667,6 +1053,23 @@ static int _ecc_import_export(void) {
       0x12, 0xd0, 0x24, 0xaf, 0xba, 0xb6, 0x7f, 0xfb, 0x96, 0x27, 0x3e, 0x2f, 0xbd, 0x1e, 0xd5, 0xf9,
       0x8d, 0x6c, 0x73, 0x9d, 0xc5, 0x16
    };
+   static const unsigned char long_pric_pkcs8[] = { /* private + compressed public, explicit curve params, PKCS8 */
+      0x30, 0x81, 0xe3, 0x02, 0x01, 0x00, 0x30, 0x81, 0x8e, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+      0x02, 0x01, 0x30, 0x81, 0x82, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce,
+      0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+      0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2f, 0x30, 0x06, 0x04, 0x01, 0x00, 0x04, 0x01, 0x07, 0x04, 0x21,
+      0x02, 0x79, 0xbe, 0x66, 0x7e, 0xf9, 0xdc, 0xbb, 0xac, 0x55, 0xa0, 0x62, 0x95, 0xce, 0x87, 0x0b,
+      0x07, 0x02, 0x9b, 0xfc, 0xdb, 0x2d, 0xce, 0x28, 0xd9, 0x59, 0xf2, 0x81, 0x5b, 0x16, 0xf8, 0x17,
+      0x98, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+      0xff, 0xff, 0xff, 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, 0xbf, 0xd2, 0x5e, 0x8c,
+      0xd0, 0x36, 0x41, 0x41, 0x02, 0x01, 0x01, 0x04, 0x4d, 0x30, 0x4b, 0x02, 0x01, 0x01, 0x04, 0x20,
+      0x0c, 0xf1, 0xad, 0x2f, 0x03, 0xf7, 0x91, 0x1b, 0xba, 0x03, 0xcf, 0x23, 0x37, 0xc8, 0xf2, 0xf7,
+      0x36, 0xce, 0x65, 0xf1, 0x84, 0x2d, 0x7d, 0x9f, 0x5f, 0x9e, 0x21, 0xd9, 0x5e, 0x49, 0xbd, 0x23,
+      0xa1, 0x24, 0x03, 0x22, 0x00, 0x03, 0x2a, 0xf9, 0x0b, 0xda, 0xbe, 0x71, 0x66, 0x9e, 0xd1, 0xcf,
+      0x12, 0xd0, 0x24, 0xaf, 0xba, 0xb6, 0x7f, 0xfb, 0x96, 0x27, 0x3e, 0x2f, 0xbd, 0x1e, 0xd5, 0xf9,
+      0x8d, 0x6c, 0x73, 0x9d, 0xc5, 0x16
+   };
    static const unsigned char long_pub[] = { /* long public, explicit curve params */
       0x30, 0x81, 0xf5, 0x30, 0x81, 0xae, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x30,
       0x81, 0xa2, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01,
@@ -709,6 +1112,17 @@ static int _ecc_import_export(void) {
       0x6e, 0x32, 0x5b, 0xf7, 0x63, 0x62, 0x94, 0x24, 0x24, 0xdb, 0xec, 0x3f, 0x8b, 0xe5, 0x6e, 0x4b,
       0x64, 0x37, 0x31, 0x24, 0x79, 0x4d
    };
+   static const unsigned char short_pri_pkcs8[] = { /* private + long public, curve by OID, PKCS8 */
+      0x30, 0x81, 0x84, 0x02, 0x01, 0x00, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+      0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x0a, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04,
+      0x20, 0x0c, 0xf1, 0xad, 0x2f, 0x03, 0xf7, 0x91, 0x1b, 0xba, 0x03, 0xcf, 0x23, 0x37, 0xc8, 0xf2,
+      0xf7, 0x36, 0xce, 0x65, 0xf1, 0x84, 0x2d, 0x7d, 0x9f, 0x5f, 0x9e, 0x21, 0xd9, 0x5e, 0x49, 0xbd,
+      0x23, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x2a, 0xf9, 0x0b, 0xda, 0xbe, 0x71, 0x66, 0x9e, 0xd1,
+      0xcf, 0x12, 0xd0, 0x24, 0xaf, 0xba, 0xb6, 0x7f, 0xfb, 0x96, 0x27, 0x3e, 0x2f, 0xbd, 0x1e, 0xd5,
+      0xf9, 0x8d, 0x6c, 0x73, 0x9d, 0xc5, 0x16, 0x91, 0xbd, 0xb2, 0xb9, 0x1b, 0x40, 0x10, 0x5a, 0xb7,
+      0x6c, 0x6e, 0x32, 0x5b, 0xf7, 0x63, 0x62, 0x94, 0x24, 0x24, 0xdb, 0xec, 0x3f, 0x8b, 0xe5, 0x6e,
+      0x4b, 0x64, 0x37, 0x31, 0x24, 0x79, 0x4d
+   };
    static const unsigned char short_pric[] = { /* private + compressed public, curve by OID */
       0x30, 0x54, 0x02, 0x01, 0x01, 0x04, 0x20, 0x0c, 0xf1, 0xad, 0x2f, 0x03, 0xf7, 0x91, 0x1b, 0xba,
       0x03, 0xcf, 0x23, 0x37, 0xc8, 0xf2, 0xf7, 0x36, 0xce, 0x65, 0xf1, 0x84, 0x2d, 0x7d, 0x9f, 0x5f,
@@ -717,6 +1131,15 @@ static int _ecc_import_export(void) {
       0x12, 0xd0, 0x24, 0xaf, 0xba, 0xb6, 0x7f, 0xfb, 0x96, 0x27, 0x3e, 0x2f, 0xbd, 0x1e, 0xd5, 0xf9,
       0x8d, 0x6c, 0x73, 0x9d, 0xc5, 0x16
    };
+   static const unsigned char short_pric_pkcs8[] = { /* private + compressed public, curve by OID, PKCS8 */
+      0x30, 0x64, 0x02, 0x01, 0x00, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,
+      0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x0a, 0x04, 0x4d, 0x30, 0x4b, 0x02, 0x01, 0x01, 0x04, 0x20,
+      0x0c, 0xf1, 0xad, 0x2f, 0x03, 0xf7, 0x91, 0x1b, 0xba, 0x03, 0xcf, 0x23, 0x37, 0xc8, 0xf2, 0xf7,
+      0x36, 0xce, 0x65, 0xf1, 0x84, 0x2d, 0x7d, 0x9f, 0x5f, 0x9e, 0x21, 0xd9, 0x5e, 0x49, 0xbd, 0x23,
+      0xa1, 0x24, 0x03, 0x22, 0x00, 0x03, 0x2a, 0xf9, 0x0b, 0xda, 0xbe, 0x71, 0x66, 0x9e, 0xd1, 0xcf,
+      0x12, 0xd0, 0x24, 0xaf, 0xba, 0xb6, 0x7f, 0xfb, 0x96, 0x27, 0x3e, 0x2f, 0xbd, 0x1e, 0xd5, 0xf9,
+      0x8d, 0x6c, 0x73, 0x9d, 0xc5, 0x16
+   };
    static const unsigned char short_pub[] = { /* long public, curve by OID */
       0x30, 0x56, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b,
       0x81, 0x04, 0x00, 0x0a, 0x03, 0x42, 0x00, 0x04, 0x2a, 0xf9, 0x0b, 0xda, 0xbe, 0x71, 0x66, 0x9e,
@@ -912,6 +1335,89 @@ static int _ecc_import_export(void) {
    DO(_ecc_key_cmp(PK_PUBLIC, &pub, &key));
    ecc_free(&key);
 
+   /* import - private PKCS8 format - no password */
+   DO(ecc_import_pkcs8(long_pri_pkcs8, sizeof(long_pri_pkcs8),   NULL, 0, &key));
+   DO(_ecc_key_cmp(PK_PRIVATE, &pri, &key));
+   ecc_free(&key);
+   DO(ecc_import_pkcs8(long_pric_pkcs8, sizeof(long_pric_pkcs8),  NULL, 0, &key));
+   DO(_ecc_key_cmp(PK_PRIVATE, &pri, &key));
+   ecc_free(&key);
+   DO(ecc_import_pkcs8(short_pri_pkcs8, sizeof(short_pri_pkcs8),  NULL, 0, &key));
+   DO(_ecc_key_cmp(PK_PRIVATE, &pri, &key));
+   ecc_free(&key);
+   DO(ecc_import_pkcs8(short_pric_pkcs8, sizeof(short_pric_pkcs8), NULL, 0, &key));
+   DO(_ecc_key_cmp(PK_PRIVATE, &pri, &key));
+   ecc_free(&key);
+
+   /* import - private PKCS8 format - password protected (PBES1 algorithms) */
+#ifdef LTC_MD2
+   DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md2_des, sizeof(long_pri_pkcs8_pbe_md2_des), "secret", 6, &key));
+   DO(_ecc_key_cmp(PK_PRIVATE, &pri, &key));
+   ecc_free(&key);
+#endif
+#ifdef LTC_MD5
+   DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md5_des, sizeof(long_pri_pkcs8_pbe_md5_des), "secret", 6, &key));
+   DO(_ecc_key_cmp(PK_PRIVATE, &pri, &key));
+   ecc_free(&key);
+#endif
+#ifdef LTC_SHA1
+   DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_sha1_des, sizeof(long_pri_pkcs8_pbe_sha1_des), "secret", 6, &key));
+   DO(_ecc_key_cmp(PK_PRIVATE, &pri, &key));
+   ecc_free(&key);
+#endif
+#if defined(LTC_RC2) && defined(LTC_MD2)
+   DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md2_rc2_64, sizeof(long_pri_pkcs8_pbe_md2_rc2_64), "secret", 6, &key));
+   DO(_ecc_key_cmp(PK_PRIVATE, &pri, &key));
+   ecc_free(&key);
+#endif
+#if defined(LTC_RC2) && defined(LTC_MD5)
+   DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md5_rc2_64, sizeof(long_pri_pkcs8_pbe_md5_rc2_64), "secret", 6, &key));
+   DO(_ecc_key_cmp(PK_PRIVATE, &pri, &key));
+   ecc_free(&key);
+#endif
+#if defined(LTC_RC2) && defined(LTC_SHA1)
+   DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_sha1_rc2_64, sizeof(long_pri_pkcs8_pbe_sha1_rc2_64), "secret", 6, &key));
+   DO(_ecc_key_cmp(PK_PRIVATE, &pri, &key));
+   ecc_free(&key);
+#endif
+
+   /* import - private PKCS8 format - password protected (PBES2 algorithms) */
+#if defined(LTC_RC2)
+   DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_rc2_cbc, sizeof(long_pri_pkcs8_pbkdf2_rc2_cbc), "secret", 6, &key));
+   DO(_ecc_key_cmp(PK_PRIVATE, &pri, &key));
+   ecc_free(&key);
+#endif
+#if defined(LTC_DES)
+   DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_des_cbc, sizeof(long_pri_pkcs8_pbkdf2_des_cbc), "secret", 6, &key));
+   DO(_ecc_key_cmp(PK_PRIVATE, &pri, &key));
+   ecc_free(&key);
+#endif
+#if defined(LTC_DES)
+   DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_des_ede3_cbc), "secret", 6, &key));
+   DO(_ecc_key_cmp(PK_PRIVATE, &pri, &key));
+   ecc_free(&key);
+#endif
+#if defined(LTC_SHA224) && defined(LTC_DES)
+   DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc), "secret", 6, &key));
+   DO(_ecc_key_cmp(PK_PRIVATE, &pri, &key));
+   ecc_free(&key);
+#endif
+#if defined(LTC_SHA256) && defined(LTC_DES)
+   DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc), "secret", 6, &key));
+   DO(_ecc_key_cmp(PK_PRIVATE, &pri, &key));
+   ecc_free(&key);
+#endif
+#if defined(LTC_SHA384) && defined(LTC_DES)
+   DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc), "secret", 6, &key));
+   DO(_ecc_key_cmp(PK_PRIVATE, &pri, &key));
+   ecc_free(&key);
+#endif
+#if defined(LTC_SHA512) && defined(LTC_DES)
+   DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc), "secret", 6, &key));
+   DO(_ecc_key_cmp(PK_PRIVATE, &pri, &key));
+   ecc_free(&key);
+#endif
+
    /* import - X.509 EC certificates */
    DO(ecc_import_x509(x509_cert_long,   sizeof(x509_cert_long),   &key));
    DO(_ecc_key_cmp(PK_PUBLIC, &pub, &key));

tests/rsa-pkcs8/README.txt

@@ -0,0 +1,29 @@
+# pkcs8 without password
+openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt -in ../test.key -out key_pkcs8.der
+
+# password protected - PBES1
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v1 PBE-MD2-RC2-64  -out key_pkcs8_pbe_md2_rc2_64.der
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v1 PBE-MD2-DES     -out key_pkcs8_pbe_md2_des.der
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v1 PBE-MD5-DES     -out key_pkcs8_pbe_md5_des.der
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v1 PBE-SHA1-RC2-64 -out key_pkcs8_pbe_sha1_rc2_64.der
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v1 PBE-MD5-RC2-64  -out key_pkcs8_pbe_md5_rc2_64.der
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v1 PBE-SHA1-DES    -out key_pkcs8_pbe_sha1_des.der
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v1 PBE-SHA1-3DES   -out key_pkcs8_pbe_sha1_3des.der
+
+# password protected - PBES2
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v2 rc2  -out key_pkcs8_pbkdf2_rc2_cbc.der
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v2 des  -out key_pkcs8_pbkdf2_des_cbc.der
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v2 des3 -out key_pkcs8_pbkdf2_des_ede3_cbc.der
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v2 des3 -v2prf hmacWithSHA224 -out key_pkcs8_pbkdf2_sha224_des_ede3_cbc.der
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v2 des3 -v2prf hmacWithSHA256 -out key_pkcs8_pbkdf2_sha256_des_ede3_cbc.der
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v2 des3 -v2prf hmacWithSHA384 -out key_pkcs8_pbkdf2_sha384_des_ede3_cbc.der
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v2 des3 -v2prf hmacWithSHA512 -out key_pkcs8_pbkdf2_sha512_des_ede3_cbc.der
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v2 aes128 -v2prf hmacWithSHA512 -out key_pkcs8_pbkdf2_sha512_aes128_cbc.der
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v2 aes192 -v2prf hmacWithSHA512 -out key_pkcs8_pbkdf2_sha512_aes192_cbc.der
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v2 aes256 -v2prf hmacWithSHA512 -out key_pkcs8_pbkdf2_sha512_aes256_cbc.der
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v2 aes256 -v2prf hmacWithSHA512-224 -out key_pkcs8_pbkdf2_sha512_224_aes256_cbc.der
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v2 aes256 -v2prf hmacWithSHA512-256 -out key_pkcs8_pbkdf2_sha512_256_aes256_cbc.der
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v2 rc2-40 -v2prf hmacWithSHA512 -out key_pkcs8_pbkdf2_sha512_rc2_40_cbc.der
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v2 rc2-40 -v2prf hmacWithSHA512-256 -out key_pkcs8_pbkdf2_sha512_256_rc2_40_cbc.der
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v2 rc2-64 -v2prf hmacWithSHA512 -out key_pkcs8_pbkdf2_sha512_rc2_64_cbc.der
+openssl pkcs8 -topk8 -inform PEM -outform DER -passout pass:secret -in ../test.key -v2 rc2-64 -v2prf hmacWithSHA512-256 -out key_pkcs8_pbkdf2_sha512_256_rc2_64_cbc.der

tests/rsa_test.c

@@ -341,6 +341,13 @@ static int _rsa_import_x509(const void *in, unsigned long inlen, void *key)
    }
    return rsa_import_x509(in, inlen, key);
 }
+
+#if defined(LTC_MD2) && defined(LTC_MD5) && defined(LTC_RC2)
+static int _rsa_import_pkcs8(const void *in, unsigned long inlen, void *key)
+{
+   return rsa_import_pkcs8(in, inlen, "secret", 6, key);
+}
+#endif
 #endif
 
 int rsa_test(void)
@@ -370,6 +377,9 @@ int rsa_test(void)
 
 #ifdef LTC_TEST_READDIR
    DO(test_process_dir("tests/rsa", &key, _rsa_import_x509, (dir_cleanup_cb)rsa_free, "rsa_test"));
+#if defined(LTC_MD2) && defined(LTC_MD5) && defined(LTC_RC2)
+   DO(test_process_dir("tests/rsa-pkcs8", &key, _rsa_import_pkcs8, (dir_cleanup_cb)rsa_free, "rsa_pkcs8_test"));
+#endif
 #endif
 
    DO(_rsa_issue_301(prng_idx));