bcollet/apc-p15-tool
1
0
Fork 0
mirror of https://github.com/gregtwallace/apc-p15-tool.git synced 2025-01-22 08:14:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

add rsa 3,072 bit support

Browse source
This commit is contained in:
Greg T. Wallace 2024-06-24 18:23:02 -04:00
parent b7026ff906
commit 06f9892501
2 changed files with 10 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
README.md
View file

@ -58,14 +58,15 @@ and licensed under the GPL-3.0 license.
Both NMC2 and NMC3 devices should be fully supported. However, I have one Both NMC2 and NMC3 devices should be fully supported. However, I have one
NMC2 device in a home lab and have no way to guarantee success in all cases. NMC2 device in a home lab and have no way to guarantee success in all cases.
Only RSA 1,024 and 2,048 bit keys are accepted. 1,024 bit RSA is no longer Only RSA 1,024, 2,048, and 3,072 bit keys are accepted. 1,024 bit RSA is no
considered completely secure; avoid keys of this size if possible. Most longer considered completely secure; avoid keys of this size if possible. Most
(all?) public ACME services won't accept keys of this size anyway. (all?) public ACME services won't accept keys of this size anyway.
Even though later versions of the NMC3 firmware supports RSA 4,096 and NMC2 does not officially support the 3,072 bit key size, however, it works fine
ECDSA keys, this tool does not. These options were not available in APC's on my NMC2. If you use this size and it doesn't work on your NMC2, try a 2,048
proprietary tool, and as such I have no way to generate files to reverse bit key instead. Later versions of the NMC3 firmware support RSA 4,096 and
engineer. ECDSA keys, but this tool does not. ECDSA was not included in APC's proprietary
tool, and as such I have no way to generate files to reverse engineer.
My setup (and therefore the testing setup) is: My setup (and therefore the testing setup) is:
- APC Smart-UPS 1500VA RM 2U SUA1500RM2U (Firmware Revision 667.18.D) - APC Smart-UPS 1500VA RM 2U SUA1500RM2U (Firmware Revision 667.18.D)

6
pkg/pkcs15/pem_decode.go
View file

@ -13,7 +13,7 @@ var (
errPemKeyBadBlock = errors.New("pkcs15: pem key: failed to decode pem block") errPemKeyBadBlock = errors.New("pkcs15: pem key: failed to decode pem block")
errPemKeyFailedToParse = errors.New("pkcs15: pem key: failed to parse key") errPemKeyFailedToParse = errors.New("pkcs15: pem key: failed to parse key")
errPemKeyWrongBlockType = errors.New("pkcs15: pem key: unsupported pem block type (only pkcs1 and pkcs8 supported)") errPemKeyWrongBlockType = errors.New("pkcs15: pem key: unsupported pem block type (only pkcs1 and pkcs8 supported)")
errPemKeyWrongType = errors.New("pkcs15: pem key: unsupported key type (only rsa 1,024 or 2,048 supported)") errPemKeyWrongType = errors.New("pkcs15: pem key: unsupported key type (only rsa 1,024, 2,048, and 3,072 supported)")
errPemCertBadBlock = errors.New("pkcs15: pem cert: failed to decode pem block") errPemCertBadBlock = errors.New("pkcs15: pem cert: failed to decode pem block")
errPemCertFailedToParse = errors.New("pkcs15: pem cert: failed to parse cert") errPemCertFailedToParse = errors.New("pkcs15: pem cert: failed to parse cert")
@ -48,7 +48,7 @@ func pemKeyDecode(keyPem []byte) (*rsa.PrivateKey, error) {
} }
// verify proper bitlen // verify proper bitlen
if rsaKey.N.BitLen() != 1024 && rsaKey.N.BitLen() != 2048 { if rsaKey.N.BitLen() != 1024 && rsaKey.N.BitLen() != 2048 && rsaKey.N.BitLen() != 3072 {
return nil, errPemKeyWrongType return nil, errPemKeyWrongType
} }
@ -71,7 +71,7 @@ func pemKeyDecode(keyPem []byte) (*rsa.PrivateKey, error) {
} }
// verify proper bitlen // verify proper bitlen
if rsaKey.N.BitLen() != 1024 && rsaKey.N.BitLen() != 2048 { if rsaKey.N.BitLen() != 1024 && rsaKey.N.BitLen() != 2048 && rsaKey.N.BitLen() != 3072 {
return nil, errPemKeyWrongType return nil, errPemKeyWrongType
} }