Update docs

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>

Author: sjaeckel

.ci/meta_builds.sh

@@ -22,6 +22,14 @@ fi
 function run_gcc() {
    bash .ci/check_source.sh "CHECK_SOURCES" "$2" "$3" "$4" "$5"
 
+   make -j$(nproc) pem-info V=0
+
+   echo "verify docs..."
+   while read -r line; do
+     grep -q -e "$line" doc/crypt.tex || { echo "Failed to find \"$line\" in doc/crypt.tex"; exit 1; }
+   done < <(./pem-info | grep '^\\' | sed 's@\\@\\\\@g')
+   echo "docs OK"
+
    make clean &>/dev/null
 
    echo

.gitignore

@@ -36,6 +36,8 @@ openssl-enc
 openssl-enc.exe
 openssh-privkey
 openssh-privkey.exe
+pem-info
+pem-info.exe
 sizes
 sizes.exe
 small

demos/pem-info.c

@@ -0,0 +1,85 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+/* print all PEM related infos */
+#include "tomcrypt_private.h"
+
+#if defined(LTC_PEM_SSH)
+extern const struct blockcipher_info pem_dek_infos[];
+extern const unsigned long pem_dek_infos_num;
+
+extern const struct blockcipher_info ssh_ciphers[];
+extern const unsigned long ssh_ciphers_num;
+
+static const struct {
+   const char *is, *should;
+} cipher_name_map[] = {
+   { "", "none" },
+   { "aes", "AES" },
+   { "blowfish", "Blowfish" },
+   { "camellia", "Camellia" },
+   { "cast5", "CAST5" },
+   { "3des", "3DES (EDE)" },
+   { "des", "DES" },
+   { "idea", "IDEA" },
+   { "rc5", "RC5" },
+   { "rc2", "RC2" },
+   { "seed", "SEED" },
+   { "serpent", "Serpent" },
+   { "twofish", "Twofish" },
+};
+
+static const char *s_map_cipher(const char *name)
+{
+   unsigned long n;
+   for (n = 0; n < sizeof(cipher_name_map)/sizeof(cipher_name_map[0]); ++n) {
+      if (strcmp(name, cipher_name_map[n].is) == 0)
+         return cipher_name_map[n].should;
+   }
+   fprintf(stderr, "Error: Can't map %s\n", name);
+   exit(1);
+}
+
+static const char *cipher_mode_map[] = {
+   "none", "CBC", "CFB", "CTR", "OFB", "STREAM", "GCM"
+};
+
+static const char *s_map_mode(enum cipher_mode mode)
+{
+   if (mode >= 0 && mode <= sizeof(cipher_mode_map)/sizeof(cipher_mode_map[0]))
+      return cipher_mode_map[mode];
+   fprintf(stderr, "Error: Can't map cipher_mode %d\n", mode);
+   exit(1);
+}
+
+int main(void)
+{
+   unsigned long n;
+   printf("PEM ciphers:\n\n");
+   for (n = 0; n < pem_dek_infos_num; ++n) {
+      char nbuf[20] = {0};
+      size_t nlen = strlen(pem_dek_infos[n].name);
+      memcpy(nbuf, pem_dek_infos[n].name, nlen);
+      nbuf[nlen-1] = '}';
+      printf("\\hline \\texttt{%-18s & %-15s & %-25ld & %s \\\\\n",
+                               nbuf, s_map_cipher(pem_dek_infos[n].algo),
+                                              pem_dek_infos[n].keylen * 8,
+                                                       s_map_mode(pem_dek_infos[n].mode));
+   }
+
+   printf("\nSSH ciphers:\n\n");
+   for (n = 0; n < ssh_ciphers_num; ++n) {
+      char nbuf[20] = {0};
+      size_t nlen = strlen(ssh_ciphers[n].name);
+      memcpy(nbuf, ssh_ciphers[n].name, nlen);
+      nbuf[nlen] = '}';
+      printf("\\hline \\texttt{%-18s & %-15s & %-25ld & %-4s \\\\\n",
+                               nbuf, s_map_cipher(ssh_ciphers[n].algo),
+                               ssh_ciphers[n].keylen * 8,
+                                                       s_map_mode(ssh_ciphers[n].mode));
+   }
+
+   return 0;
+}
+#else
+int main(void) { return EXIT_FAILURE; }
+#endif

doc/crypt.tex

@@ -5117,7 +5117,7 @@ \chapter{Elliptic Curve Cryptography - $GF(p)$}
 analogy for digital signatures (also known as \textit{ECDSA}).
 
 \mysection{Supported Curves}
-\label{supported-curvers}
+\label{supported-curves}
 
 The following table \ref{fig:builtincurves} shows all built--in curves supported by the library. On top of that one can also use a custom curve
 defined by own parameters (the only limitation is that the curve must be based on equation \ref{ecc-gf-p-equation}).
@@ -7442,7 +7442,7 @@ \subsection{De- and Encoding with Multiple Argument Lists}
 \mysection{PEM Files}
 \label{pem-files}
 \subsection{Introduction}
-LibTomCrypt supports reading of asymmetric cryptography private keys out of
+LibTomCrypt supports reading of asymmetric cryptography keys out of
 PEM files in multiple formats.
 
 The library provides support for:
@@ -7499,6 +7499,17 @@ \subsection{The PKA Union}
 void pka_key_free(ltc_pka_key *key);
 \end{verbatim}
 
+\subsection{Generic PEM API}
+
+The generic API functions provided to decode a PEM file into the \texttt{ltc\_pka\_key} union are:
+
+\begin{verbatim}
+int pem_decode_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx);
+int pem_decode(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx);
+\end{verbatim}
+
+Additional to that, there exist specific API functions for the two supported classes of PEM files.
+
 \subsection{PKCS PEM files}
 
 The library supports the following types of PKCS PEM files:
@@ -7514,42 +7525,83 @@ \subsection{PKCS PEM files}
 The identifiers in the PEM headers recognized are as follows:
 
 \begin{table}[H]
-\begin{center}
 \begin{small}
-\begin{tabular}{|l|l|l|l|}
-\hline \textbf{Identifier}                   & \textbf{Encrypted} & \textbf{Standard} & \textbf{Type}                  \\
-\hline \texttt{BEGIN ENCRYPTED PRIVATE KEY}  & Yes                & \texttt{PKCS \#8} & DSA, ECC, Ed25519, RSA, X25519 \\
-\hline \texttt{BEGIN PRIVATE KEY}            & No                 & \texttt{PKCS \#8} & DSA, ECC, Ed25519, RSA, X25519 \\
-\hline \texttt{BEGIN DSA PRIVATE KEY}        & Maybe              & \texttt{PKCS \#1} & DSA \\
-\hline \texttt{BEGIN EC PRIVATE KEY}         & Maybe              & \texttt{RFC 5915} & ECC \\
-\hline \texttt{BEGIN RSA PRIVATE KEY}        & Maybe              & \texttt{PKCS \#1} & RSA \\
+\begin{tabular}{|l|l|l|l|l|}
+\hline \textbf{Identifier}                   & \textbf{Key type} & \textbf{File content} & \textbf{Standard} & \textbf{Algorithm} \\
+\hline \texttt{BEGIN CERTIFICATE}            & Public            & Plain                 & \texttt{X.509}    & DH, DSA, ECC, Ed25519, RSA, X25519 \\
+\hline \texttt{BEGIN DSA PRIVATE KEY}        & Private           & Maybe encrypted       & \texttt{PKCS \#1} & DSA \\
+\hline \texttt{BEGIN EC PRIVATE KEY}         & Private           & Maybe encrypted       & \texttt{RFC 5915} & ECC \\
+\hline \texttt{BEGIN ENCRYPTED PRIVATE KEY}  & Private           & Encrypted             & \texttt{PKCS \#8} & DH, DSA, ECC, Ed25519, RSA, X25519 \\
+\hline \texttt{BEGIN PRIVATE KEY}            & Private           & Plain                 & \texttt{PKCS \#8} & DH, DSA, ECC, Ed25519, RSA, X25519 \\
+\hline \texttt{BEGIN PUBLIC KEY}             & Public            & Plain                 & \texttt{PKCS \#8} & DH, DSA, ECC, Ed25519, RSA, X25519 \\
+\hline \texttt{BEGIN RSA PRIVATE KEY}        & Private           & Maybe encrypted       & \texttt{PKCS \#1} & RSA \\
+\hline \texttt{BEGIN RSA PUBLIC KEY}         & Public            & Plain                 & \texttt{PKCS \#1} & RSA \\
 \hline
 \end{tabular}
 \end{small}
-\end{center}
-\caption{List of supported PKCS private key types}
-\label{supported-pkcs-private-key-types}
+\caption{List of supported PEM headers}
+\label{supported-PEM-headers}
 \end{table}
 
 When dealing with PEM formatted private keys the following encryption algorithms are supported:
 
 \begin{table}[H]
-\begin{center}
 \begin{small}
 \begin{tabular}{|l|l|l|l|}
 \hline \textbf{Identifier}        & \textbf{Cipher} & \textbf{Key size in bits} & \textbf{Mode} \\
 \hline \texttt{AES-128-CBC}       & AES             & 128                       & CBC \\
 \hline \texttt{AES-192-CBC}       & AES             & 192                       & CBC \\
 \hline \texttt{AES-256-CBC}       & AES             & 256                       & CBC \\
+\hline \texttt{AES-128-CFB}       & AES             & 128                       & CFB \\
+\hline \texttt{AES-192-CFB}       & AES             & 192                       & CFB \\
+\hline \texttt{AES-256-CFB}       & AES             & 256                       & CFB \\
+\hline \texttt{AES-128-CTR}       & AES             & 128                       & CTR \\
+\hline \texttt{AES-192-CTR}       & AES             & 192                       & CTR \\
+\hline \texttt{AES-256-CTR}       & AES             & 256                       & CTR \\
+\hline \texttt{AES-128-OFB}       & AES             & 128                       & OFB \\
+\hline \texttt{AES-192-OFB}       & AES             & 192                       & OFB \\
+\hline \texttt{AES-256-OFB}       & AES             & 256                       & OFB \\
+\hline \texttt{BF-CBC}            & Blowfish        & 128                       & CBC \\
+\hline \texttt{BF-CFB}            & Blowfish        & 128                       & CFB \\
+\hline \texttt{BF-OFB}            & Blowfish        & 128                       & OFB \\
 \hline \texttt{CAMELLIA-128-CBC}  & Camellia        & 128                       & CBC \\
 \hline \texttt{CAMELLIA-192-CBC}  & Camellia        & 192                       & CBC \\
 \hline \texttt{CAMELLIA-256-CBC}  & Camellia        & 256                       & CBC \\
+\hline \texttt{CAMELLIA-128-CFB}  & Camellia        & 128                       & CFB \\
+\hline \texttt{CAMELLIA-192-CFB}  & Camellia        & 192                       & CFB \\
+\hline \texttt{CAMELLIA-256-CFB}  & Camellia        & 256                       & CFB \\
+\hline \texttt{CAMELLIA-128-CTR}  & Camellia        & 128                       & CTR \\
+\hline \texttt{CAMELLIA-192-CTR}  & Camellia        & 192                       & CTR \\
+\hline \texttt{CAMELLIA-256-CTR}  & Camellia        & 256                       & CTR \\
+\hline \texttt{CAMELLIA-128-OFB}  & Camellia        & 128                       & OFB \\
+\hline \texttt{CAMELLIA-192-OFB}  & Camellia        & 192                       & OFB \\
+\hline \texttt{CAMELLIA-256-OFB}  & Camellia        & 256                       & OFB \\
+\hline \texttt{CAST5-CBC}         & CAST5           & 128                       & CBC \\
+\hline \texttt{CAST5-CFB}         & CAST5           & 128                       & CFB \\
+\hline \texttt{CAST5-OFB}         & CAST5           & 128                       & OFB \\
 \hline \texttt{DES-EDE3-CBC}      & 3DES (EDE)      & 192                       & CBC \\
-\hline \texttt{DES-CBC}           & DES             & 64                       & CBC \\
+\hline \texttt{DES-EDE3-CFB}      & 3DES (EDE)      & 192                       & CFB \\
+\hline \texttt{DES-EDE3-OFB}      & 3DES (EDE)      & 192                       & OFB \\
+\hline \texttt{DES-CBC}           & DES             & 64                        & CBC \\
+\hline \texttt{DES-CFB}           & DES             & 64                        & CFB \\
+\hline \texttt{DES-OFB}           & DES             & 64                        & OFB \\
+\hline \texttt{IDEA-CBC}          & IDEA            & 128                       & CBC \\
+\hline \texttt{IDEA-CFB}          & IDEA            & 128                       & CFB \\
+\hline \texttt{IDEA-OFB}          & IDEA            & 128                       & OFB \\
+\hline \texttt{RC5-CBC}           & RC5             & 128                       & CBC \\
+\hline \texttt{RC5-CFB}           & RC5             & 128                       & CFB \\
+\hline \texttt{RC5-OFB}           & RC5             & 128                       & OFB \\
+\hline \texttt{RC2-40-CBC}        & RC2             & 40                        & CBC \\
+\hline \texttt{RC2-64-CBC}        & RC2             & 64                        & CBC \\
+\hline \texttt{RC2-CBC}           & RC2             & 128                       & CBC \\
+\hline \texttt{RC2-CFB}           & RC2             & 128                       & CFB \\
+\hline \texttt{RC2-OFB}           & RC2             & 128                       & OFB \\
+\hline \texttt{SEED-CBC}          & SEED            & 128                       & CBC \\
+\hline \texttt{SEED-CFB}          & SEED            & 128                       & CFB \\
+\hline \texttt{SEED-OFB}          & SEED            & 128                       & OFB \\
 \hline
 \end{tabular}
 \end{small}
-\end{center}
 \caption{List of supported PEM DEK algorithms}
 \label{supported-pem-dek-algorithms}
 \end{table}
@@ -7566,27 +7618,61 @@ \subsection{OpenSSH PEM files}
 OpenSSH PEM files can contain private keys of the following types:
 
 \begin{table}[H]
-\begin{center}
 \begin{small}
 \begin{tabular}{|l|l|}
 \hline \textbf{Identifier}    & \textbf{Type} \\
 \hline \texttt{ecdsa-sha2-*}  & ECC keys \\
+\hline \texttt{ssh-dss}       & DSA \\
 \hline \texttt{ssh-ed25519}   & Curve25519 \\
 \hline \texttt{ssh-rsa}       & RSA \\
 \hline
 \end{tabular}
 \end{small}
-\end{center}
 \caption{List of supported OpenSSH private key types}
 \label{supported-openssh-private-key-types}
 \end{table}
 
 C.f. \href{https://datatracker.ietf.org/doc/html/rfc5656}{\texttt{RFC 5656}} for details on ECC keys
 in OpenSSH.  LibTomCrypt should be able to handle all the ECC curves supported by the library,
-c.f. Ch. \ref{supported-curvers} for details.
+c.f. Ch. \ref{supported-curves} for details.
+
+When dealing with SSH formatted private keys the following encryption algorithms are supported:
 
-OpenSSH PEM files can either not be encrypted, or the encryption is done via \texttt{aes256-cbc}
-and key derivation via \texttt{bcrypt}, c.f. Ch. \ref{bcrypt}.
+\begin{table}[H]
+\begin{small}
+\begin{tabular}{|l|l|l|l|}
+\hline \textbf{Identifier}        & \textbf{Cipher} & \textbf{Key size in bits} & \textbf{Mode} \\
+\hline \texttt{none}              & none            & 0                         & none \\
+\hline \texttt{aes128-cbc}        & AES             & 128                       & CBC  \\
+\hline \texttt{aes128-ctr}        & AES             & 128                       & CTR  \\
+\hline \texttt{aes192-cbc}        & AES             & 192                       & CBC  \\
+\hline \texttt{aes192-ctr}        & AES             & 192                       & CTR  \\
+\hline \texttt{aes256-cbc}        & AES             & 256                       & CBC  \\
+\hline \texttt{aes256-ctr}        & AES             & 256                       & CTR  \\
+\hline \texttt{blowfish128-cbc}   & Blowfish        & 128                       & CBC  \\
+\hline \texttt{blowfish128-ctr}   & Blowfish        & 128                       & CTR  \\
+\hline \texttt{des-cbc}           & DES             & 64                        & CBC  \\
+\hline \texttt{3des-cbc}          & 3DES (EDE)      & 192                       & CBC  \\
+\hline \texttt{3des-ctr}          & 3DES (EDE)      & 192                       & CTR  \\
+\hline \texttt{serpent128-cbc}    & Serpent         & 128                       & CBC  \\
+\hline \texttt{serpent128-ctr}    & Serpent         & 128                       & CTR  \\
+\hline \texttt{serpent192-cbc}    & Serpent         & 192                       & CBC  \\
+\hline \texttt{serpent192-ctr}    & Serpent         & 192                       & CTR  \\
+\hline \texttt{serpent256-cbc}    & Serpent         & 256                       & CBC  \\
+\hline \texttt{serpent256-ctr}    & Serpent         & 256                       & CTR  \\
+\hline \texttt{twofish128-cbc}    & Twofish         & 128                       & CBC  \\
+\hline \texttt{twofish128-ctr}    & Twofish         & 128                       & CTR  \\
+\hline \texttt{twofish192-cbc}    & Twofish         & 192                       & CBC  \\
+\hline \texttt{twofish192-ctr}    & Twofish         & 192                       & CTR  \\
+\hline \texttt{twofish-cbc}       & Twofish         & 256                       & CBC  \\
+\hline \texttt{twofish256-cbc}    & Twofish         & 256                       & CBC  \\
+\hline \texttt{twofish256-ctr}    & Twofish         & 256                       & CTR  \\
+\hline
+\end{tabular}
+\end{small}
+\caption{List of supported SSH Encryption algorithms}
+\label{supported-ssh-encryption-algorithms}
+\end{table}
 
 The API functions provided to decode an OpenSSH PEM file into the \texttt{ltc\_pka\_key} union are:
 

makefile_include.mk

@@ -168,7 +168,7 @@ TEST=test
 USEFUL_DEMOS   = hashsum
 
 # Demos that are usable but only rarely make sense to be installed
-USEABLE_DEMOS  = ltcrypt sizes constants
+USEABLE_DEMOS  = ltcrypt sizes constants pem-info
 
 # Demos that are used for testing or measuring
 TEST_DEMOS     = small tv_gen

src/headers/tomcrypt_pk.h

@@ -527,7 +527,7 @@ int dsa_shared_secret(void          *private_key, void *base,
 #endif /* LTC_MDSA */
 
 /*
- * LibTomCrypt Public Key Algorithm descriptor
+ * LibTomCrypt tagged-union for holding a Public Key
  */
 
 typedef struct {
@@ -548,6 +548,7 @@ typedef struct {
 #ifdef LTC_MRSA
       rsa_key rsa;
 #endif
+      char dummy;
    } u;
    enum ltc_pka_id id;
 } ltc_pka_key;

src/misc/pem/pem_pkcs.c

@@ -168,7 +168,7 @@ static int s_import_pkcs8(unsigned char *pem, unsigned long l, ltc_pka_key *k, c
    return err;
 }
 
-int s_extract_pka(unsigned char *pem, unsigned long w, enum ltc_pka_id *pka)
+static int s_extract_pka(unsigned char *pem, unsigned long w, enum ltc_pka_id *pka)
 {
    ltc_asn1_list *pub;
    int err = CRYPT_ERROR;

src/misc/pem/pem_ssh.c

@@ -43,6 +43,7 @@ const struct blockcipher_info ssh_ciphers[] =
    { .name = "twofish256-cbc",  .algo = "twofish",  .keylen = 256 / 8, .mode = cm_cbc  },
    { .name = "twofish256-ctr",  .algo = "twofish",  .keylen = 256 / 8, .mode = cm_ctr  },
 };
+const unsigned long ssh_ciphers_num = sizeof(ssh_ciphers)/sizeof(ssh_ciphers[0]);
 
 struct kdf_options {
    const char *name;
@@ -470,7 +471,7 @@ static int s_decode_header(unsigned char *in, unsigned long *inlen, struct kdf_o
 
    *inlen = len + slen + 1;
 
-   for (i = 0; i < sizeof(ssh_ciphers)/sizeof(ssh_ciphers[0]); ++i) {
+   for (i = 0; i < ssh_ciphers_num; ++i) {
       if (XSTRCMP((char*)ciphername, ssh_ciphers[i].name) == 0) {
          opts->cipher = &ssh_ciphers[i];
          break;