Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Runtime check for EC keys in Secure Session #693

Merged
merged 7 commits into from
Aug 12, 2020
Merged

Runtime check for EC keys in Secure Session #693

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
2406fe2
Runtime check for EC keys in Secure Session
iamnotacake Aug 11, 2020
ffd3ae5
Update changelog
iamnotacake Aug 11, 2020
b8cf3af
Fix test compilation issues
iamnotacake Aug 11, 2020
668db5e
Fix code formatting
iamnotacake Aug 11, 2020
2222185
Updates after review
iamnotacake Aug 11, 2020
b39cdfd
Updates after review
iamnotacake Aug 12, 2020
4e2d4e5
Remove unused include
iamnotacake Aug 12, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ _Code:_
- Include embedded BoringSSL into Soter for convenience ([#681](https://github.com/cossacklabs/themis/pull/681)).
- `make deb` and `make rpm` with `ENGINE=boringssl` will now produce `libthemis-boringssl` packages with embedded BoringSSL ([#683](https://github.com/cossacklabs/themis/pull/683)).
- Improved compatibility with OpenSSL 1.1.1 ([#684](https://github.com/cossacklabs/themis/pull/684)).
- `secure_session_create()` now allows only EC keys, returning an error for RSA ([#693](https://github.com/cossacklabs/themis/pull/693)).

- **Android**

Expand Down
9 changes: 9 additions & 0 deletions src/themis/secure_session.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
#include "soter/soter_t.h"
#include "soter/soter_wipe.h"

#include "themis/secure_keygen.h"
#include "themis/secure_session_t.h"
#include "themis/secure_session_utils.h"
#include "themis/themis_portable_endian.h"
Expand Down Expand Up @@ -101,6 +102,14 @@ themis_status_t secure_session_init(secure_session_t* session_ctx,
soter_status_t soter_status;
themis_status_t res = THEMIS_SUCCESS;

/* This change prevents from using RSA keys in Secure Session,
* as they are currently not supported */
themis_key_kind_t key_kind = themis_get_asym_key_kind(sign_key, sign_key_length);
if (key_kind != THEMIS_KEY_EC_PRIVATE) {
res = THEMIS_INVALID_PARAMETER;
goto err;
}

res = secure_session_check_user_callbacks(user_callbacks);
if (THEMIS_SUCCESS != res) {
goto err;
Expand Down
1 change: 1 addition & 0 deletions src/themis/secure_session_peer.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
#include <string.h>

#include "soter/soter_wipe.h"
#include "themis/secure_keygen.h"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It guess it's not necessary to include this any more.


void secure_session_peer_cleanup(secure_session_peer_t* peer)
{
Expand Down
109 changes: 88 additions & 21 deletions tests/themis/themis_secure_session.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@
#include <assert.h>
#include <string.h>

#include "themis_secure_session_test_keys.h"

/* Fuzz parameters */
#define MAX_MESSAGE_SIZE 2048
#define MESSAGES_TO_SEND 3
Expand All @@ -28,27 +30,7 @@
#define TEST_STOP_SUCCESS 0
#define TEST_STOP_ERROR (-1)

static uint8_t client_priv[] = {
0x52, 0x45, 0x43, 0x32, 0x00, 0x00, 0x00, 0x2d, 0x51, 0xf4, 0xaa, 0x72, 0x00, 0x9f, 0x0f,
0x09, 0xce, 0xbe, 0x09, 0x33, 0xc2, 0x5e, 0x9a, 0x05, 0x99, 0x53, 0x9d, 0xb2, 0x32, 0xa2,
0x34, 0x64, 0x7a, 0xde, 0xde, 0x83, 0x8f, 0x65, 0xa9, 0x2a, 0x14, 0x6d, 0xaa, 0x90, 0x01,
};
static uint8_t client_pub[] = {
0x55, 0x45, 0x43, 0x32, 0x00, 0x00, 0x00, 0x2d, 0x13, 0x8b, 0xdf, 0x0c, 0x02, 0x1f, 0x09,
0x88, 0x39, 0xd9, 0x73, 0x3a, 0x84, 0x8f, 0xa8, 0x50, 0xd9, 0x2b, 0xed, 0x3d, 0x38, 0xcf,
0x1d, 0xd0, 0xce, 0xf4, 0xae, 0xdb, 0xcf, 0xaf, 0xcb, 0x6b, 0xa5, 0x4a, 0x08, 0x11, 0x21,
};

static uint8_t server_priv[] = {
0x52, 0x45, 0x43, 0x32, 0x00, 0x00, 0x00, 0x2d, 0x49, 0x87, 0x04, 0x6b, 0x00, 0xf2, 0x06,
0x07, 0x7d, 0xc7, 0x1c, 0x59, 0xa1, 0x8f, 0x39, 0xfc, 0x94, 0x81, 0x3f, 0x9e, 0xc5, 0xba,
0x70, 0x6f, 0x93, 0x08, 0x8d, 0xe3, 0x85, 0x82, 0x5b, 0xf8, 0x3f, 0xc6, 0x9f, 0x0b, 0xdf,
};
static uint8_t server_pub[] = {
0x55, 0x45, 0x43, 0x32, 0x00, 0x00, 0x00, 0x2d, 0x75, 0x58, 0x33, 0xd4, 0x02, 0x12, 0xdf,
0x1f, 0xe9, 0xea, 0x48, 0x11, 0xe1, 0xf9, 0x71, 0x8e, 0x24, 0x11, 0xcb, 0xfd, 0xc0, 0xa3,
0x6e, 0xd6, 0xac, 0x88, 0xb6, 0x44, 0xc2, 0x9a, 0x24, 0x84, 0xee, 0x50, 0x4c, 0x3e, 0xa0,
};
/* Test keys can be found in themis_secure_session_test_keys.h */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍


typedef struct client_info_type client_info_t;

Expand Down Expand Up @@ -96,6 +78,22 @@ static client_info_t server = {
},
};

static client_info_t client_rsa = {
"client",
client_priv_rsa,
sizeof(client_priv_rsa),
client_pub_rsa,
sizeof(client_pub_rsa),
NULL,
{
NULL,
NULL,
NULL,
NULL,
NULL,
},
};

/* Peers will communicate using shared memory */
static uint8_t shared_mem[4096];
static size_t current_length = 0;
Expand Down Expand Up @@ -668,11 +666,80 @@ static void test_basic_flow_no_transport(void)
}
}

static void test_empty_peer_id(void)
{
memcpy(&(client.transport), &transport, sizeof(secure_session_user_callbacks_t));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remember: using memcpy is ok only for tests / non-sensitive data

client.transport.user_data = &client;

client.session = secure_session_create(NULL, 9001, client.priv, client.priv_length, &(client.transport));

testsuite_fail_if(client.session != NULL, "secure_session_create must fail with peer id == NULL");

client.session =
secure_session_create(client.id, 0, client.priv, client.priv_length, &(client.transport));
ilammy marked this conversation as resolved.
Show resolved Hide resolved

testsuite_fail_if(client.session != NULL, "secure_session_create must fail with peer id_len == 0");
}

static void test_create_session_with_ec_pubkey(void)
{
memcpy(&(client_rsa.transport), &transport, sizeof(secure_session_user_callbacks_t));
client_rsa.transport.user_data = &client_rsa;
Comment on lines +686 to +687
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, this a weird way to setup a Secure Session – with global variables and memcpy() – but I'll let it pass given that all tests here are like that. It's not nice coding practice because it makes impossible to run the tests in parallel. However, refactoring this is a topic for another day.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess the easiest way to refactor this is to mark those glogal vars as thread local and then create as many threads as we like, so they will run in parallel. Another question is whether the test framework is ready for such changes. And these tests are really fast, like almost instant, and the only computation-heavy check is soter rand: NIST STS, which, btw, only uses one CPU core.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can also just create a new client context and callbacks for each test :) Which is arguably more readable and obvious than thread-local variables. It's more verbose, yeah, but dumb test code is better than smart one, IMO.


/* Public keys are not the ones secure_session_create() expects */

client.session = secure_session_create(client.id,
strlen(client.id),
client.pub,
client.pub_length,
&(client.transport));

testsuite_fail_if(client.session != NULL, "secure_session_create must fail with EC pub key");
}

static void test_create_session_with_rsa_privkey(void)
{
memcpy(&(client.transport), &transport, sizeof(secure_session_user_callbacks_t));
client.transport.user_data = &client_rsa;

/* RSA keys are not currently supported */

client_rsa.session = secure_session_create(client_rsa.id,
strlen(client_rsa.id),
client_rsa.priv,
client_rsa.priv_length,
&(client_rsa.transport));

testsuite_fail_if(client_rsa.session != NULL, "secure_session_create must fail with RSA key");
}

static void test_create_session_with_rsa_pubkey(void)
{
memcpy(&(client.transport), &transport, sizeof(secure_session_user_callbacks_t));
client.transport.user_data = &client_rsa;

/* Public keys are not expected at all */

client_rsa.session = secure_session_create(client_rsa.id,
strlen(client_rsa.id),
client_rsa.pub,
client_rsa.pub_length,
&(client_rsa.transport));

testsuite_fail_if(client_rsa.session != NULL, "secure_session_create must fail with RSA pub key");
}

void run_secure_session_test(void)
{
testsuite_enter_suite("secure session: basic flow");
testsuite_run_test(test_basic_flow);

testsuite_enter_suite("secure session: basic flow (no transport)");
testsuite_run_test(test_basic_flow_no_transport);

testsuite_enter_suite("secure session: invalid parameters");
testsuite_run_test(test_empty_peer_id);
testsuite_run_test(test_create_session_with_ec_pubkey);
testsuite_run_test(test_create_session_with_rsa_privkey);
testsuite_run_test(test_create_session_with_rsa_pubkey);
}
123 changes: 123 additions & 0 deletions tests/themis/themis_secure_session_test_keys.h
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,123 @@
#ifndef THEMIS_SECURE_SESSION_TEST_KEYS_H
#define THEMIS_SECURE_SESSION_TEST_KEYS_H

#include <stdint.h>

static uint8_t client_priv[] = {
0x52, 0x45, 0x43, 0x32, 0x00, 0x00, 0x00, 0x2d, 0x51, 0xf4, 0xaa, 0x72, 0x00, 0x9f, 0x0f,
0x09, 0xce, 0xbe, 0x09, 0x33, 0xc2, 0x5e, 0x9a, 0x05, 0x99, 0x53, 0x9d, 0xb2, 0x32, 0xa2,
0x34, 0x64, 0x7a, 0xde, 0xde, 0x83, 0x8f, 0x65, 0xa9, 0x2a, 0x14, 0x6d, 0xaa, 0x90, 0x01,
};
static uint8_t client_pub[] = {
0x55, 0x45, 0x43, 0x32, 0x00, 0x00, 0x00, 0x2d, 0x13, 0x8b, 0xdf, 0x0c, 0x02, 0x1f, 0x09,
0x88, 0x39, 0xd9, 0x73, 0x3a, 0x84, 0x8f, 0xa8, 0x50, 0xd9, 0x2b, 0xed, 0x3d, 0x38, 0xcf,
0x1d, 0xd0, 0xce, 0xf4, 0xae, 0xdb, 0xcf, 0xaf, 0xcb, 0x6b, 0xa5, 0x4a, 0x08, 0x11, 0x21,
};

static uint8_t server_priv[] = {
0x52, 0x45, 0x43, 0x32, 0x00, 0x00, 0x00, 0x2d, 0x49, 0x87, 0x04, 0x6b, 0x00, 0xf2, 0x06,
0x07, 0x7d, 0xc7, 0x1c, 0x59, 0xa1, 0x8f, 0x39, 0xfc, 0x94, 0x81, 0x3f, 0x9e, 0xc5, 0xba,
0x70, 0x6f, 0x93, 0x08, 0x8d, 0xe3, 0x85, 0x82, 0x5b, 0xf8, 0x3f, 0xc6, 0x9f, 0x0b, 0xdf,
};
static uint8_t server_pub[] = {
0x55, 0x45, 0x43, 0x32, 0x00, 0x00, 0x00, 0x2d, 0x75, 0x58, 0x33, 0xd4, 0x02, 0x12, 0xdf,
0x1f, 0xe9, 0xea, 0x48, 0x11, 0xe1, 0xf9, 0x71, 0x8e, 0x24, 0x11, 0xcb, 0xfd, 0xc0, 0xa3,
0x6e, 0xd6, 0xac, 0x88, 0xb6, 0x44, 0xc2, 0x9a, 0x24, 0x84, 0xee, 0x50, 0x4c, 0x3e, 0xa0,
};

static uint8_t client_priv_rsa[] = {
0x52, 0x52, 0x41, 0x32, 0x00, 0x00, 0x04, 0x90, 0x94, 0x65, 0xbe, 0x5c, 0x75, 0x5e, 0x6a, 0xea,
0xeb, 0x7d, 0x0d, 0x59, 0xa4, 0xe3, 0xc4, 0xb0, 0x2c, 0x11, 0x7b, 0xc6, 0xb0, 0x0e, 0xb0, 0x97,
0x65, 0x25, 0x0a, 0xb2, 0xb1, 0xa0, 0xdd, 0x93, 0x59, 0x66, 0x6c, 0x7f, 0xaa, 0xfc, 0x00, 0x29,
0x0e, 0xcc, 0x45, 0xd2, 0xeb, 0x1d, 0x4d, 0x88, 0x57, 0xff, 0x6d, 0x3a, 0x85, 0x4e, 0x51, 0x21,
0x49, 0xa2, 0xfb, 0x73, 0xc8, 0xb3, 0xfe, 0x66, 0xe3, 0xa5, 0x84, 0x2b, 0x23, 0xa7, 0xbd, 0x62,
0x19, 0x51, 0xc8, 0x1d, 0x1e, 0x94, 0x50, 0x8c, 0x0d, 0x06, 0x8f, 0x0f, 0x7e, 0xb1, 0x96, 0xeb,
0xea, 0xfe, 0xa1, 0x67, 0x32, 0x23, 0xb7, 0xe2, 0x14, 0xf7, 0x65, 0xc3, 0xc1, 0x2b, 0x7c, 0xcc,
0x78, 0x50, 0x2c, 0x61, 0x6b, 0x59, 0xe8, 0x36, 0xe8, 0x22, 0x5b, 0x48, 0x7b, 0x40, 0x0e, 0xfc,
0x40, 0x03, 0x2c, 0x14, 0x6e, 0xf1, 0x09, 0xf2, 0x83, 0x40, 0xcf, 0x8f, 0xfc, 0x1b, 0x19, 0x35,
0x3a, 0x51, 0xca, 0x3e, 0x18, 0xec, 0xb1, 0xef, 0x83, 0x5d, 0x26, 0x1b, 0x19, 0x7a, 0x8e, 0x9a,
0x28, 0xef, 0x43, 0xe7, 0xa1, 0xc5, 0x24, 0x3d, 0x01, 0xf5, 0x25, 0xe1, 0x6c, 0x28, 0x68, 0xdd,
0x4e, 0x8b, 0x42, 0x9f, 0x09, 0x39, 0xf2, 0x59, 0x0e, 0xe5, 0x86, 0x2f, 0xe6, 0xe4, 0xda, 0x5f,
0xff, 0x24, 0x8f, 0x01, 0x08, 0xbd, 0x91, 0x5d, 0xb1, 0x19, 0xe2, 0xcc, 0xae, 0xcd, 0xf2, 0xbb,
0x0e, 0xc1, 0xd3, 0xfd, 0x3b, 0x09, 0x65, 0xe5, 0xc0, 0x65, 0x0d, 0xe6, 0xd7, 0x92, 0xda, 0xce,
0x36, 0xa4, 0x43, 0xa1, 0xfb, 0x0d, 0x18, 0x2e, 0x6a, 0x19, 0x06, 0x2a, 0x86, 0xb0, 0xd4, 0x79,
0x9a, 0xf4, 0x65, 0xd7, 0x00, 0xd8, 0x36, 0x52, 0xd3, 0x04, 0x78, 0xfb, 0xa1, 0x5f, 0xaa, 0x5b,
0xac, 0x07, 0xed, 0x60, 0xee, 0x51, 0xc5, 0x9a, 0xee, 0x33, 0xd1, 0xf5, 0xec, 0x2b, 0xfa, 0x7a,
0xb5, 0x08, 0xd2, 0x84, 0x88, 0xb3, 0x7c, 0x5b, 0xd1, 0x93, 0x49, 0xb8, 0xe2, 0xc4, 0xb1, 0x92,
0x03, 0x91, 0x7e, 0x46, 0x9f, 0x77, 0x98, 0xd5, 0x27, 0x4e, 0x83, 0x9b, 0x63, 0xca, 0x14, 0xe2,
0x52, 0x1d, 0x80, 0xa4, 0x46, 0x9e, 0x30, 0x6e, 0x88, 0xe0, 0xa2, 0xcb, 0x6b, 0x23, 0xdc, 0x9f,
0x63, 0x50, 0x69, 0xf0, 0x16, 0x9a, 0x7d, 0xb3, 0xd1, 0x6b, 0x4c, 0x54, 0x2b, 0x47, 0x02, 0x82,
0x77, 0xd1, 0x6c, 0x14, 0x96, 0x4d, 0xb2, 0x10, 0xd9, 0x49, 0x67, 0x6b, 0x45, 0x7f, 0x54, 0xec,
0xe9, 0x71, 0x8e, 0x71, 0xbf, 0xec, 0xfe, 0x1f, 0xb0, 0xaf, 0xce, 0x47, 0x2c, 0x18, 0xfa, 0xdc,
0x43, 0x7b, 0x8c, 0x40, 0x5e, 0x2a, 0xe4, 0x87, 0x26, 0x65, 0xa3, 0x8a, 0x67, 0x45, 0x67, 0x7f,
0xf3, 0x8c, 0x3c, 0x55, 0xb3, 0xc4, 0x29, 0x6f, 0xaf, 0x83, 0xde, 0x77, 0xc5, 0x78, 0x70, 0x58,
0x23, 0x61, 0x83, 0xf7, 0xbc, 0xd8, 0x73, 0x9e, 0x58, 0x9e, 0x8c, 0xae, 0x9c, 0xce, 0xd8, 0x25,
0x10, 0x5b, 0xb7, 0x9a, 0x7d, 0x3a, 0x3c, 0x2b, 0xe8, 0x02, 0x21, 0xd5, 0x34, 0x8b, 0xfd, 0x71,
0x2d, 0xc1, 0x7d, 0x71, 0xf8, 0xe7, 0xbf, 0xc0, 0x92, 0x3e, 0xb5, 0x82, 0xf7, 0xb9, 0x84, 0x09,
0xea, 0x1f, 0xcd, 0x15, 0x2d, 0xfc, 0x66, 0x4c, 0x6b, 0xcc, 0x16, 0x47, 0x0c, 0x7e, 0xee, 0x40,
0xce, 0x0d, 0xd2, 0x5f, 0x39, 0x8b, 0x13, 0x0c, 0x67, 0x8f, 0x19, 0x37, 0x71, 0x3d, 0x2c, 0xe8,
0x44, 0x8a, 0x58, 0xd1, 0xe4, 0xa4, 0x27, 0x7f, 0x63, 0x68, 0x6e, 0x3c, 0x46, 0x0d, 0x3a, 0xc6,
0x6c, 0x33, 0x86, 0x0b, 0xef, 0x16, 0xb2, 0x5b, 0x56, 0xfc, 0x6a, 0xca, 0x80, 0xf5, 0xb6, 0xf4,
0x50, 0x81, 0xde, 0x35, 0x91, 0x7d, 0x1a, 0x94, 0x6b, 0x7c, 0xc1, 0x93, 0x35, 0x2c, 0xe1, 0xc4,
0xe7, 0x26, 0x09, 0x60, 0x55, 0xf7, 0x33, 0xb4, 0xe8, 0xc7, 0x24, 0xfe, 0x3f, 0xf0, 0xd1, 0x9a,
0x72, 0xbb, 0x3b, 0x97, 0x63, 0x28, 0x66, 0x7c, 0xf7, 0xd0, 0xb1, 0xc9, 0x36, 0xfa, 0xb5, 0x21,
0x10, 0x24, 0x1c, 0x66, 0xe0, 0x8f, 0x95, 0x90, 0x0d, 0xb9, 0xa6, 0x6d, 0xee, 0xbd, 0xb0, 0x5b,
0x22, 0xdd, 0x64, 0x3c, 0xee, 0x99, 0xf2, 0x5b, 0x9e, 0x77, 0x6e, 0x44, 0x35, 0x4a, 0x53, 0xc2,
0x54, 0x80, 0x0e, 0xb9, 0xc3, 0xed, 0xd2, 0x7e, 0x00, 0xae, 0x8a, 0x5e, 0x98, 0xd3, 0x46, 0xa7,
0xe1, 0x17, 0xf4, 0x5e, 0xa0, 0x3c, 0x18, 0x2b, 0xc2, 0x78, 0x93, 0x15, 0x6b, 0x54, 0x64, 0x87,
0x5b, 0x9a, 0x61, 0xc5, 0xcc, 0x6e, 0x13, 0xee, 0x6a, 0x32, 0xd0, 0x53, 0xc5, 0x54, 0xd7, 0x2c,
0xf4, 0x05, 0x4b, 0x40, 0x70, 0xad, 0x66, 0x37, 0x03, 0x69, 0xc9, 0x99, 0xb2, 0xa8, 0xdb, 0x0c,
0x03, 0x46, 0xd0, 0xfd, 0x2d, 0x50, 0xb0, 0x9a, 0x8d, 0x17, 0x35, 0xb5, 0x2d, 0x8e, 0x3f, 0x24,
0x99, 0x7e, 0x41, 0xc9, 0x76, 0x8f, 0x5f, 0xad, 0x61, 0xc5, 0xbc, 0x12, 0x87, 0xee, 0x38, 0x29,
0x53, 0xfa, 0x81, 0xa2, 0xc2, 0x4d, 0xfa, 0xc1, 0x22, 0x0f, 0xb6, 0x6d, 0x7d, 0xef, 0xcc, 0xb4,
0xa3, 0xac, 0x8e, 0x02, 0x21, 0x8f, 0x00, 0x87, 0x17, 0xe8, 0x98, 0x27, 0x43, 0xf8, 0xfb, 0x5a,
0x8a, 0x93, 0x1a, 0xc8, 0xa8, 0xe9, 0x59, 0x1c, 0x99, 0xfd, 0x70, 0x15, 0x27, 0x50, 0xef, 0xf6,
0x5d, 0x3c, 0xc6, 0x4b, 0x70, 0x8f, 0xcc, 0x64, 0x86, 0xee, 0x0e, 0xfe, 0x5d, 0x6a, 0xce, 0xc8,
0x83, 0x50, 0xc2, 0x70, 0xbd, 0xaa, 0x4d, 0x48, 0x32, 0x95, 0x41, 0x91, 0x61, 0xc7, 0xed, 0xf5,
0x71, 0x79, 0x6e, 0x30, 0x0d, 0x27, 0xa1, 0x0a, 0xb3, 0x8d, 0x36, 0x1d, 0x2f, 0xf2, 0xec, 0xff,
0x45, 0x4d, 0x06, 0x6f, 0x52, 0x20, 0x9c, 0xdb, 0x31, 0x09, 0xe1, 0x48, 0x5b, 0x7d, 0x91, 0x6b,
0x5a, 0x24, 0x10, 0x27, 0x69, 0x18, 0x41, 0x57, 0x98, 0x91, 0x1a, 0x92, 0x9f, 0xd7, 0x9c, 0xc2,
0x58, 0x7d, 0xc7, 0x35, 0x2b, 0xca, 0xed, 0x60, 0xf7, 0xc1, 0x3d, 0x02, 0x47, 0x58, 0x0c, 0x63,
0xe1, 0xa8, 0x91, 0xd2, 0xf1, 0x85, 0xd4, 0xdc, 0xcf, 0x44, 0x91, 0x32, 0xde, 0xd0, 0xd7, 0x87,
0x0d, 0x41, 0x77, 0x54, 0xc5, 0x00, 0xab, 0x02, 0x1e, 0x11, 0xf7, 0xf7, 0xe9, 0x8f, 0x5e, 0x6b,
0x8a, 0xc5, 0xc2, 0x9d, 0xcb, 0x07, 0xfe, 0xc7, 0x09, 0x93, 0x48, 0xb0, 0xcd, 0x6c, 0x7d, 0xf1,
0x14, 0x13, 0xa9, 0x99, 0xdc, 0x9a, 0x9f, 0xc2, 0x72, 0x99, 0xde, 0xce, 0xb4, 0x42, 0x79, 0x0a,
0x33, 0xb0, 0x9e, 0x2f, 0xb6, 0xf0, 0x9a, 0x50, 0x74, 0xb1, 0x0f, 0x5b, 0xb6, 0x2c, 0xf4, 0x02,
0x64, 0x2c, 0x69, 0x2c, 0x7f, 0x86, 0xcc, 0x11, 0xd4, 0x77, 0x19, 0xfe, 0x4a, 0x09, 0xc3, 0xf3,
0xbd, 0x29, 0xe3, 0x7d, 0x6d, 0x9f, 0x8e, 0x6d, 0xa6, 0x69, 0x3a, 0xc8, 0x23, 0x55, 0x5b, 0x3f,
0xcb, 0x8c, 0xf3, 0x8f, 0x4e, 0x48, 0x05, 0x52, 0x3a, 0xf1, 0x8c, 0x0c, 0xcb, 0xd8, 0x3d, 0xbe,
0x60, 0xd4, 0x17, 0x8a, 0x98, 0x9b, 0x03, 0xb8, 0xd5, 0x0e, 0xd2, 0xb1, 0xe0, 0x67, 0x9c, 0x93,
0xc2, 0xbc, 0xfe, 0x6c, 0x4a, 0x4b, 0x0b, 0x07, 0xe8, 0xe1, 0x15, 0xc5, 0xd1, 0x48, 0xe4, 0xc7,
0xae, 0x0b, 0x06, 0x68, 0x57, 0x9d, 0xd6, 0xe4, 0x2e, 0x8c, 0x85, 0x87, 0x02, 0xf2, 0xb7, 0x36,
0x7e, 0xce, 0x73, 0x70, 0x1c, 0x33, 0x82, 0x4e, 0x4c, 0xdf, 0xfd, 0x59, 0x76, 0xa6, 0xa9, 0x95,
0xd4, 0x79, 0xd7, 0xf1, 0xf3, 0xb9, 0xa6, 0x59, 0x5d, 0x4c, 0xd4, 0x6f, 0xb3, 0x27, 0x07, 0x81,
0xbf, 0xcf, 0xc8, 0x35, 0x95, 0x68, 0x66, 0xab, 0x2d, 0x61, 0xbd, 0x09, 0xbb, 0x16, 0xcf, 0x38,
0x5e, 0x96, 0xeb, 0x93, 0x7a, 0x97, 0x78, 0x50, 0x2d, 0x7d, 0xe3, 0x41, 0x8b, 0xca, 0x6f, 0x07,
0x47, 0x00, 0xcd, 0x13, 0x35, 0xaa, 0x21, 0xcc, 0x46, 0x12, 0x0e, 0x25, 0x45, 0xee, 0x2f, 0x9c,
0x42, 0x09, 0x80, 0x72, 0x99, 0xee, 0x31, 0x6d, 0x77, 0xbd, 0x89, 0x19, 0x15, 0x94, 0xd9, 0xea,
0xd1, 0xaf, 0x69, 0x3a, 0x3f, 0xdf, 0x14, 0xca, 0x27, 0xab, 0xb7, 0x70, 0x58, 0x4b, 0xe8, 0x14,
0x92, 0x4c, 0xcc, 0x56, 0xf8, 0x4c, 0x50, 0x89, 0xea, 0x01, 0xf6, 0x5c, 0x7d, 0x6d, 0xbe, 0x09,
0xda, 0x02, 0x90, 0x7f, 0x29, 0xaa, 0xdc, 0xf3, 0x13, 0x03, 0xc6, 0x8e, 0xd5, 0xed, 0xab, 0x00,
0xf1, 0x68, 0x43, 0x7f, 0xc1, 0x45, 0xd3, 0x1b, 0xb2, 0x14, 0x75, 0x55, 0x00, 0x01, 0x00, 0x01,
};
static uint8_t client_pub_rsa[] = {
0x55, 0x52, 0x41, 0x32, 0x00, 0x00, 0x01, 0x10, 0xe9, 0x99, 0x84, 0x59, 0xb6, 0x2c, 0xf4, 0x02,
0x64, 0x2c, 0x69, 0x2c, 0x7f, 0x86, 0xcc, 0x11, 0xd4, 0x77, 0x19, 0xfe, 0x4a, 0x09, 0xc3, 0xf3,
0xbd, 0x29, 0xe3, 0x7d, 0x6d, 0x9f, 0x8e, 0x6d, 0xa6, 0x69, 0x3a, 0xc8, 0x23, 0x55, 0x5b, 0x3f,
0xcb, 0x8c, 0xf3, 0x8f, 0x4e, 0x48, 0x05, 0x52, 0x3a, 0xf1, 0x8c, 0x0c, 0xcb, 0xd8, 0x3d, 0xbe,
0x60, 0xd4, 0x17, 0x8a, 0x98, 0x9b, 0x03, 0xb8, 0xd5, 0x0e, 0xd2, 0xb1, 0xe0, 0x67, 0x9c, 0x93,
0xc2, 0xbc, 0xfe, 0x6c, 0x4a, 0x4b, 0x0b, 0x07, 0xe8, 0xe1, 0x15, 0xc5, 0xd1, 0x48, 0xe4, 0xc7,
0xae, 0x0b, 0x06, 0x68, 0x57, 0x9d, 0xd6, 0xe4, 0x2e, 0x8c, 0x85, 0x87, 0x02, 0xf2, 0xb7, 0x36,
0x7e, 0xce, 0x73, 0x70, 0x1c, 0x33, 0x82, 0x4e, 0x4c, 0xdf, 0xfd, 0x59, 0x76, 0xa6, 0xa9, 0x95,
0xd4, 0x79, 0xd7, 0xf1, 0xf3, 0xb9, 0xa6, 0x59, 0x5d, 0x4c, 0xd4, 0x6f, 0xb3, 0x27, 0x07, 0x81,
0xbf, 0xcf, 0xc8, 0x35, 0x95, 0x68, 0x66, 0xab, 0x2d, 0x61, 0xbd, 0x09, 0xbb, 0x16, 0xcf, 0x38,
0x5e, 0x96, 0xeb, 0x93, 0x7a, 0x97, 0x78, 0x50, 0x2d, 0x7d, 0xe3, 0x41, 0x8b, 0xca, 0x6f, 0x07,
0x47, 0x00, 0xcd, 0x13, 0x35, 0xaa, 0x21, 0xcc, 0x46, 0x12, 0x0e, 0x25, 0x45, 0xee, 0x2f, 0x9c,
0x42, 0x09, 0x80, 0x72, 0x99, 0xee, 0x31, 0x6d, 0x77, 0xbd, 0x89, 0x19, 0x15, 0x94, 0xd9, 0xea,
0xd1, 0xaf, 0x69, 0x3a, 0x3f, 0xdf, 0x14, 0xca, 0x27, 0xab, 0xb7, 0x70, 0x58, 0x4b, 0xe8, 0x14,
0x92, 0x4c, 0xcc, 0x56, 0xf8, 0x4c, 0x50, 0x89, 0xea, 0x01, 0xf6, 0x5c, 0x7d, 0x6d, 0xbe, 0x09,
0xda, 0x02, 0x90, 0x7f, 0x29, 0xaa, 0xdc, 0xf3, 0x13, 0x03, 0xc6, 0x8e, 0xd5, 0xed, 0xab, 0x00,
0xf1, 0x68, 0x43, 0x7f, 0xc1, 0x45, 0xd3, 0x1b, 0xb2, 0x14, 0x75, 0x55, 0x00, 0x01, 0x00, 0x01,
};

#endif /* THEMIS_SECURE_SESSION_TEST_KEYS_H */