diff options
Diffstat (limited to 'vendor/pkcs8/tests')
26 files changed, 596 insertions, 0 deletions
diff --git a/vendor/pkcs8/tests/encrypted_private_key.rs b/vendor/pkcs8/tests/encrypted_private_key.rs new file mode 100644 index 000000000..2bd72aef9 --- /dev/null +++ b/vendor/pkcs8/tests/encrypted_private_key.rs @@ -0,0 +1,234 @@ +//! Encrypted PKCS#8 private key tests. + +#![cfg(feature = "pkcs5")] + +use hex_literal::hex; +use pkcs8::{pkcs5::pbes2, EncryptedPrivateKeyInfo, PrivateKeyInfo}; + +#[cfg(feature = "alloc")] +use der::Encode; + +#[cfg(feature = "pem")] +use der::EncodePem; + +/// Ed25519 PKCS#8 private key plaintext encoded as ASN.1 DER +#[cfg(feature = "encryption")] +const ED25519_DER_PLAINTEXT_EXAMPLE: &[u8] = include_bytes!("examples/ed25519-priv-pkcs8v1.der"); + +/// Ed25519 PKCS#8 encrypted private key (PBES2 + AES-128-CBC + PBKDF2-SHA1) encoded as ASN.1 DER. +/// +/// Generated using: +/// +/// ``` +/// $ openssl pkcs8 -v2 aes256-cbc -v2prf hmacWithSHA1 -topk8 -inform der -in ed25519-priv.der -outform der -out ed25519-encpriv-aes128-pbkdf2-sha1.der +/// ``` +const ED25519_DER_AES128_PBKDF2_SHA1_EXAMPLE: &[u8] = + include_bytes!("examples/ed25519-encpriv-aes128-pbkdf2-sha1.der"); + +/// Ed25519 PKCS#8 encrypted private key (PBES2 + AES-256-CBC + PBKDF2-SHA256) encoded as ASN.1 DER. +/// +/// Generated using: +/// +/// ``` +/// $ openssl pkcs8 -v2 aes256-cbc -v2prf hmacWithSHA256 -topk8 -inform der -in ed25519-priv.der -outform der -out ed25519-encpriv-aes256-pbkdf2-sha256.der +/// ``` +const ED25519_DER_AES256_PBKDF2_SHA256_EXAMPLE: &[u8] = + include_bytes!("examples/ed25519-encpriv-aes256-pbkdf2-sha256.der"); + +/// Ed25519 PKCS#8 encrypted private key (PBES2 + AES-256-CBC + scrypt) encoded as ASN.1 DER. +/// +/// Generated using: +/// +/// ``` +/// $ openssl pkcs8 -v2 aes256-cbc -scrypt -topk8 -inform der -in ed25519-priv.der -outform der -out ed25519-encpriv-aes256-scrypt.der +/// ``` +#[cfg(feature = "encryption")] +const ED25519_DER_AES256_SCRYPT_EXAMPLE: &[u8] = + include_bytes!("examples/ed25519-encpriv-aes256-scrypt.der"); + +/// Ed25519 PKCS#8 encrypted private key encoded as PEM +#[cfg(feature = "pem")] +const ED25519_PEM_AES256_PBKDF2_SHA256_EXAMPLE: &str = + include_str!("examples/ed25519-encpriv-aes256-pbkdf2-sha256.pem"); + +/// Ed25519 PKCS#8 encrypted private key (PBES2 + 3DES + PBKDF2-SHA256) encoded as ASN.1 DER +/// +/// Generated using: +/// +/// ``` +/// $ openssl pkcs8 -v2 des3 -topk8 -inform der -in ed25519-priv-pkcs8v1.der -outform der -out ed25519-encpriv-des3-pbkdf2-sha256.der +/// ``` +#[cfg(feature = "3des")] +const ED25519_DER_DES3_PBKDF2_SHA256_EXAMPLE: &[u8] = + include_bytes!("examples/ed25519-encpriv-des3-pbkdf2-sha256.der"); + +/// Ed25519 PKCS#8 encrypted private key (PBES2 + DES + PBKDF2-SHA256) encoded as ASN.1 DER +/// +/// Generated using: +/// +/// ``` +/// $ openssl pkcs8 -v2 des -topk8 -inform der -in ed25519-priv-pkcs8v1.der -outform der -out ed25519-encpriv-des3-pbkdf2-sha256.der +/// ``` +#[cfg(feature = "des-insecure")] +const ED25519_DER_DES_PBKDF2_SHA256_EXAMPLE: &[u8] = + include_bytes!("examples/ed25519-encpriv-des-pbkdf2-sha256.der"); + +/// Password used to encrypt the keys. +#[cfg(feature = "encryption")] +const PASSWORD: &[u8] = b"hunter42"; // Bad password; don't actually use outside tests! + +#[test] +fn decode_ed25519_encpriv_aes128_pbkdf2_sha1_der() { + let pk = EncryptedPrivateKeyInfo::try_from(ED25519_DER_AES128_PBKDF2_SHA1_EXAMPLE).unwrap(); + + assert_eq!( + pk.encryption_algorithm.oid(), + "1.2.840.113549.1.5.13".parse().unwrap() + ); // PBES2 + + let pbes2_params = pk.encryption_algorithm.pbes2().unwrap(); + let pbkdf2_params = pbes2_params.kdf.pbkdf2().unwrap(); + + assert_eq!(pbkdf2_params.salt, hex!("e8765e01e43b6bad")); + assert_eq!(pbkdf2_params.iteration_count, 2048); + assert_eq!(pbkdf2_params.key_length, None); + assert_eq!(pbkdf2_params.prf, pbes2::Pbkdf2Prf::HmacWithSha1); + + match pbes2_params.encryption { + pbes2::EncryptionScheme::Aes128Cbc { iv } => { + assert_eq!(iv, &hex!("223080a71bcd2b9a256d876c924979d2")); + } + other => panic!("unexpected encryption scheme: {:?}", other), + } + + // Extracted with: + // $ openssl asn1parse -inform der -in tests/examples/ed25519-encpriv-aes128-sha1.der + assert_eq!( + pk.encrypted_data, + &hex!("4B4D091548EAC381EE7663B21234CD4FF3C9DF664D713394CACCEA7C9B982BD8F29910FABCA4BF7BE0431FAC5C4D657BE997C1F5BF40E2DA465AC1FCC2E30470") + ); +} + +#[test] +fn decode_ed25519_encpriv_aes256_pbkdf2_sha256_der() { + let pk = EncryptedPrivateKeyInfo::try_from(ED25519_DER_AES256_PBKDF2_SHA256_EXAMPLE).unwrap(); + + assert_eq!( + pk.encryption_algorithm.oid(), + "1.2.840.113549.1.5.13".parse().unwrap() + ); // PBES2 + + let pbes2_params = pk.encryption_algorithm.pbes2().unwrap(); + let pbkdf2_params = pbes2_params.kdf.pbkdf2().unwrap(); + + assert_eq!(pbkdf2_params.salt, hex!("79d982e70df91a88")); + assert_eq!(pbkdf2_params.iteration_count, 2048); + assert_eq!(pbkdf2_params.key_length, None); + assert_eq!(pbkdf2_params.prf, pbes2::Pbkdf2Prf::HmacWithSha256); + + match pbes2_params.encryption { + pbes2::EncryptionScheme::Aes256Cbc { iv } => { + assert_eq!(iv, &hex!("b2d02d78b2efd9dff694cf8e0af40925")); + } + other => panic!("unexpected encryption scheme: {:?}", other), + } + + // Extracted with: + // $ openssl asn1parse -inform der -in tests/examples/ed25519-encpriv-aes256-sha256.der + assert_eq!( + pk.encrypted_data, + &hex!("D0CD6C770F4BB87176422305C17401809E226674CE74185D221BFDAA95069890C8882FCE02B05D41BCBF54B035595BCD4154B32593708469B86AACF8815A7B2B") + ); +} + +#[cfg(feature = "encryption")] +#[test] +fn decrypt_ed25519_der_encpriv_aes256_pbkdf2_sha256() { + let enc_pk = + EncryptedPrivateKeyInfo::try_from(ED25519_DER_AES256_PBKDF2_SHA256_EXAMPLE).unwrap(); + let pk = enc_pk.decrypt(PASSWORD).unwrap(); + assert_eq!(pk.as_bytes(), ED25519_DER_PLAINTEXT_EXAMPLE); +} + +#[cfg(feature = "encryption")] +#[test] +fn decrypt_ed25519_der_encpriv_aes256_scrypt() { + let enc_pk = EncryptedPrivateKeyInfo::try_from(ED25519_DER_AES256_SCRYPT_EXAMPLE).unwrap(); + let pk = enc_pk.decrypt(PASSWORD).unwrap(); + assert_eq!(pk.as_bytes(), ED25519_DER_PLAINTEXT_EXAMPLE); +} + +#[cfg(feature = "encryption")] +#[test] +fn encrypt_ed25519_der_encpriv_aes256_pbkdf2_sha256() { + let pbes2_params = pkcs5::pbes2::Parameters::pbkdf2_sha256_aes256cbc( + 2048, + &hex!("79d982e70df91a88"), + &hex!("b2d02d78b2efd9dff694cf8e0af40925"), + ) + .unwrap(); + + let pk_plaintext = PrivateKeyInfo::try_from(ED25519_DER_PLAINTEXT_EXAMPLE).unwrap(); + let pk_encrypted = pk_plaintext + .encrypt_with_params(pbes2_params, PASSWORD) + .unwrap(); + + assert_eq!( + pk_encrypted.as_bytes(), + ED25519_DER_AES256_PBKDF2_SHA256_EXAMPLE + ); +} + +#[cfg(feature = "encryption")] +#[test] +fn encrypt_ed25519_der_encpriv_aes256_scrypt() { + let scrypt_params = pkcs5::pbes2::Parameters::scrypt_aes256cbc( + Default::default(), + &hex!("E6211E2348AD69E0"), + &hex!("9BD0A6251F2254F9FD5963887C27CF01"), + ) + .unwrap(); + + let pk_plaintext = PrivateKeyInfo::try_from(ED25519_DER_PLAINTEXT_EXAMPLE).unwrap(); + let pk_encrypted = pk_plaintext + .encrypt_with_params(scrypt_params, PASSWORD) + .unwrap(); + + assert_eq!(pk_encrypted.as_bytes(), ED25519_DER_AES256_SCRYPT_EXAMPLE); +} + +#[test] +#[cfg(feature = "alloc")] +fn encode_ed25519_encpriv_aes256_pbkdf2_sha256_der() { + let pk = EncryptedPrivateKeyInfo::try_from(ED25519_DER_AES256_PBKDF2_SHA256_EXAMPLE).unwrap(); + assert_eq!( + ED25519_DER_AES256_PBKDF2_SHA256_EXAMPLE, + &pk.to_vec().unwrap() + ); +} + +#[test] +#[cfg(feature = "pem")] +fn encode_ed25519_encpriv_aes256_pbkdf2_sha256_pem() { + let pk = EncryptedPrivateKeyInfo::try_from(ED25519_DER_AES256_PBKDF2_SHA256_EXAMPLE).unwrap(); + assert_eq!( + ED25519_PEM_AES256_PBKDF2_SHA256_EXAMPLE, + pk.to_pem(Default::default()).unwrap() + ); +} + +#[test] +#[cfg(feature = "3des")] +fn decrypt_ed25519_der_encpriv_des3_pbkdf2_sha256() { + let enc_pk = EncryptedPrivateKeyInfo::try_from(ED25519_DER_DES3_PBKDF2_SHA256_EXAMPLE).unwrap(); + let pk = enc_pk.decrypt(PASSWORD).unwrap(); + assert_eq!(pk.as_bytes(), ED25519_DER_PLAINTEXT_EXAMPLE); +} + +#[test] +#[cfg(feature = "des-insecure")] +fn decrypt_ed25519_der_encpriv_des_pbkdf2_sha256() { + let enc_pk = EncryptedPrivateKeyInfo::try_from(ED25519_DER_DES_PBKDF2_SHA256_EXAMPLE).unwrap(); + let pk = enc_pk.decrypt(PASSWORD).unwrap(); + assert_eq!(pk.as_bytes(), ED25519_DER_PLAINTEXT_EXAMPLE); +} diff --git a/vendor/pkcs8/tests/examples/ed25519-encpriv-aes128-pbkdf2-sha1.der b/vendor/pkcs8/tests/examples/ed25519-encpriv-aes128-pbkdf2-sha1.der Binary files differnew file mode 100644 index 000000000..c8d6edf7c --- /dev/null +++ b/vendor/pkcs8/tests/examples/ed25519-encpriv-aes128-pbkdf2-sha1.der diff --git a/vendor/pkcs8/tests/examples/ed25519-encpriv-aes256-pbkdf2-sha256.der b/vendor/pkcs8/tests/examples/ed25519-encpriv-aes256-pbkdf2-sha256.der Binary files differnew file mode 100644 index 000000000..5170c06e4 --- /dev/null +++ b/vendor/pkcs8/tests/examples/ed25519-encpriv-aes256-pbkdf2-sha256.der diff --git a/vendor/pkcs8/tests/examples/ed25519-encpriv-aes256-pbkdf2-sha256.pem b/vendor/pkcs8/tests/examples/ed25519-encpriv-aes256-pbkdf2-sha256.pem new file mode 100644 index 000000000..e5d3207a6 --- /dev/null +++ b/vendor/pkcs8/tests/examples/ed25519-encpriv-aes256-pbkdf2-sha256.pem @@ -0,0 +1,6 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIGbMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAh52YLnDfkaiAICCAAw +DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEELLQLXiy79nf9pTPjgr0CSUEQNDN +bHcPS7hxdkIjBcF0AYCeImZ0znQYXSIb/aqVBpiQyIgvzgKwXUG8v1SwNVlbzUFU +syWTcIRpuGqs+IFaeys= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/vendor/pkcs8/tests/examples/ed25519-encpriv-aes256-scrypt.der b/vendor/pkcs8/tests/examples/ed25519-encpriv-aes256-scrypt.der Binary files differnew file mode 100644 index 000000000..a045982f7 --- /dev/null +++ b/vendor/pkcs8/tests/examples/ed25519-encpriv-aes256-scrypt.der diff --git a/vendor/pkcs8/tests/examples/ed25519-encpriv-aes256-scrypt.pem b/vendor/pkcs8/tests/examples/ed25519-encpriv-aes256-scrypt.pem new file mode 100644 index 000000000..1f0562d80 --- /dev/null +++ b/vendor/pkcs8/tests/examples/ed25519-encpriv-aes256-scrypt.pem @@ -0,0 +1,6 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIGTME8GCSqGSIb3DQEFDTBCMCEGCSsGAQQB2kcECzAUBAjmIR4jSK1p4AICQAAC +AQgCAQEwHQYJYIZIAWUDBAEqBBCb0KYlHyJU+f1ZY4h8J88BBEDMYrp3PA9JX6s2 +aOT8782wjnig7hXgoVAT9iq+CNqnQgZe6zZtbmyYzDsOfmm9yGHIiv648D26Hixt +mdBtFzYM +-----END ENCRYPTED PRIVATE KEY----- diff --git a/vendor/pkcs8/tests/examples/ed25519-encpriv-des-pbkdf2-sha256.der b/vendor/pkcs8/tests/examples/ed25519-encpriv-des-pbkdf2-sha256.der Binary files differnew file mode 100644 index 000000000..85d3b83b2 --- /dev/null +++ b/vendor/pkcs8/tests/examples/ed25519-encpriv-des-pbkdf2-sha256.der diff --git a/vendor/pkcs8/tests/examples/ed25519-encpriv-des3-pbkdf2-sha256.der b/vendor/pkcs8/tests/examples/ed25519-encpriv-des3-pbkdf2-sha256.der Binary files differnew file mode 100644 index 000000000..aed05ab63 --- /dev/null +++ b/vendor/pkcs8/tests/examples/ed25519-encpriv-des3-pbkdf2-sha256.der diff --git a/vendor/pkcs8/tests/examples/ed25519-priv-pkcs8v1.der b/vendor/pkcs8/tests/examples/ed25519-priv-pkcs8v1.der Binary files differnew file mode 100644 index 000000000..0cfccc399 --- /dev/null +++ b/vendor/pkcs8/tests/examples/ed25519-priv-pkcs8v1.der diff --git a/vendor/pkcs8/tests/examples/ed25519-priv-pkcs8v1.pem b/vendor/pkcs8/tests/examples/ed25519-priv-pkcs8v1.pem new file mode 100644 index 000000000..0c0ee10b4 --- /dev/null +++ b/vendor/pkcs8/tests/examples/ed25519-priv-pkcs8v1.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIBftnHPp22SewYmmEoMcX8VwI4IHwaqd+9LFPj/15eqF +-----END PRIVATE KEY----- diff --git a/vendor/pkcs8/tests/examples/ed25519-priv-pkcs8v2.der b/vendor/pkcs8/tests/examples/ed25519-priv-pkcs8v2.der Binary files differnew file mode 100644 index 000000000..3358e8a73 --- /dev/null +++ b/vendor/pkcs8/tests/examples/ed25519-priv-pkcs8v2.der diff --git a/vendor/pkcs8/tests/examples/ed25519-priv-pkcs8v2.pem b/vendor/pkcs8/tests/examples/ed25519-priv-pkcs8v2.pem new file mode 100644 index 000000000..84961082a --- /dev/null +++ b/vendor/pkcs8/tests/examples/ed25519-priv-pkcs8v2.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MHICAQEwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC +oB8wHQYKKoZIhvcNAQkJFDEPDA1DdXJkbGUgQ2hhaXJzgSEAGb9ECWmEzf6FQbrB +Z9w7lshQhqowtrbLDFw4rXAxZuE= +-----END PRIVATE KEY----- diff --git a/vendor/pkcs8/tests/examples/ed25519-pub.der b/vendor/pkcs8/tests/examples/ed25519-pub.der Binary files differnew file mode 100644 index 000000000..1b602ee1f --- /dev/null +++ b/vendor/pkcs8/tests/examples/ed25519-pub.der diff --git a/vendor/pkcs8/tests/examples/ed25519-pub.pem b/vendor/pkcs8/tests/examples/ed25519-pub.pem new file mode 100644 index 000000000..6891701f7 --- /dev/null +++ b/vendor/pkcs8/tests/examples/ed25519-pub.pem @@ -0,0 +1,3 @@ +-----BEGIN PUBLIC KEY----- +MCowBQYDK2VwAyEATSkWfz8ZEqb3rfopOgUaFcBexnuPFyZ7HFVQ3OhTvQ0= +-----END PUBLIC KEY----- diff --git a/vendor/pkcs8/tests/examples/p256-priv.der b/vendor/pkcs8/tests/examples/p256-priv.der Binary files differnew file mode 100644 index 000000000..c0de45ef2 --- /dev/null +++ b/vendor/pkcs8/tests/examples/p256-priv.der diff --git a/vendor/pkcs8/tests/examples/p256-priv.pem b/vendor/pkcs8/tests/examples/p256-priv.pem new file mode 100644 index 000000000..09b9343c0 --- /dev/null +++ b/vendor/pkcs8/tests/examples/p256-priv.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgaWJBcVYaYzQN4OfY +afKgVJJVjhoEhotqn4VKhmeIGI2hRANCAAQcrP+1Xy8s79idies3SyaBFSRSgC3u +oJkWBoE32DnPf8SBpESSME1+9mrBF77+g6jQjxVfK1L59hjdRHApBI4P +-----END PRIVATE KEY----- diff --git a/vendor/pkcs8/tests/examples/p256-pub.der b/vendor/pkcs8/tests/examples/p256-pub.der Binary files differnew file mode 100644 index 000000000..67c719c76 --- /dev/null +++ b/vendor/pkcs8/tests/examples/p256-pub.der diff --git a/vendor/pkcs8/tests/examples/p256-pub.pem b/vendor/pkcs8/tests/examples/p256-pub.pem new file mode 100644 index 000000000..ee7e5b612 --- /dev/null +++ b/vendor/pkcs8/tests/examples/p256-pub.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHKz/tV8vLO/YnYnrN0smgRUkUoAt +7qCZFgaBN9g5z3/EgaREkjBNfvZqwRe+/oOo0I8VXytS+fYY3URwKQSODw== +-----END PUBLIC KEY----- diff --git a/vendor/pkcs8/tests/examples/rsa2048-priv.der b/vendor/pkcs8/tests/examples/rsa2048-priv.der Binary files differnew file mode 100644 index 000000000..f4590bbee --- /dev/null +++ b/vendor/pkcs8/tests/examples/rsa2048-priv.der diff --git a/vendor/pkcs8/tests/examples/rsa2048-priv.pem b/vendor/pkcs8/tests/examples/rsa2048-priv.pem new file mode 100644 index 000000000..e2a218c86 --- /dev/null +++ b/vendor/pkcs8/tests/examples/rsa2048-priv.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC2xCxRXxCmqvKC +xj7b4kJDoXDz+iYzvUgzY39Hyk9vNuA6XSnvwxkayA85DYdLOeMPQU/Owfyg7YHl +R+3CzTgsdvYckBiXPbn6U3lyp8cB9rd+CYLfwV/AGSfuXnzZS09Zn/BwE6fIKBvf +Ity8mtfKu3xDEcmC9Y7bchOtRVizMiZtdDrtgZLRiEytuLFHOaja2mbclwgG2ces +RQyxPQ18V1+xmFNPxhvEG8DwV04OATDHu7+9/cn2puLj4q/xy+rIm6V4hFKNVc+w +gyeh6MifTgA88oiOkzJB2daVvLus3JC0Tj4JX6NwWOolsT9eKVy+rG3oOKuMUK9h +4piXW4cvAgMBAAECggEAfsyDYsDtsHQRZCFeIvdKudkboGkAcAz2NpDlEU2O5r3P +uy4/lhRpKmd6CD8Wil5S5ZaOZAe52XxuDkBk+C2gt1ihTxe5t9QfX0jijWVRcE9W +5p56qfpjD8dkKMBtJeRV3PxVt6wrT3ZkP97T/hX/eKuyfmWsxKrQvfbbJ+9gppEM +XEoIXtQydasZwdmXoyxu/8598tGTX25gHu3hYaErXMJ8oh+B0smcPR6gjpDjBTqw +m++nJN7w0MOjwel0DA2fdhJqFJ7Aqn2AeCBUhCVNlR2wfEz5H7ZFTAlliP1ZJNur +6zWcogJSaNAE+dZus9b3rcETm61A8W3eY54RZHN2wQKBgQDcwGEkLU6Sr67nKsUT +ymW593A2+b1+Dm5hRhp+92VCJewVPH5cMaYVem5aE/9uF46HWMHLM9nWu+MXnvGJ +mOQi7Ny+149Oz9vl9PzYrsLJ0NyGRzypvRbZ0jjSH7Xd776xQ8ph0L1qqNkfM6CX +eQ6WQNvJEIXcXyY0O6MTj2stZwKBgQDT8xR1fkDpVINvkr4kI2ry8NoEo0ZTwYCv +Z+lgCG2T/eZcsj79nQk3R2L1mB42GEmvaM3XU5T/ak4G62myCeQijbLfpw5A9/l1 +ClKBdmR7eI0OV3eiy4si480mf/cLTzsC06r7DhjFkKVksDGIsKpfxIFWsHYiIUJD +vRIn76fy+QKBgQDOaLesGw0QDWNuVUiHU8XAmEP9s5DicF33aJRXyb2Nl2XjCXhh +fi78gEj0wyQgbbhgh7ZU6Xuz1GTn7j+M2D/hBDb33xjpqWPE5kkR1n7eNAQvLibj +06GtNGra1rm39ncIywlOYt7p/01dZmmvmIryJV0c6O0xfGp9hpHaNU0S2wKBgCX2 +5ZRCIChrTfu/QjXA7lhD0hmAkYlRINbKeyALgm0+znOOLgBJj6wKKmypacfww8oa +sLxAKXEyvnU4177fTLDvxrmO99ulT1aqmaq85TTEnCeUfUZ4xRxjx4x84WhyMbTI +61h65u8EgMuvT8AXPP1Yen5nr1FfubnedREYOXIpAoGAMZlUBtQGIHyt6uo1s40E +DF+Kmhrggn6e0GsVPYO2ghk1tLNqgr6dVseRtYwnJxpXk9U6HWV8CJl5YLFDPlFx +mH9FLxRKfHIwbWPh0//Atxt1qwjy5FpILpiEUcvkeOEusijQdFbJJLZvbO0EjYU/ +Uz4xpoYU8cPObY7JmDznKvc= +-----END PRIVATE KEY----- diff --git a/vendor/pkcs8/tests/examples/rsa2048-pub.der b/vendor/pkcs8/tests/examples/rsa2048-pub.der Binary files differnew file mode 100644 index 000000000..4148aaaaa --- /dev/null +++ b/vendor/pkcs8/tests/examples/rsa2048-pub.der diff --git a/vendor/pkcs8/tests/examples/rsa2048-pub.pem b/vendor/pkcs8/tests/examples/rsa2048-pub.pem new file mode 100644 index 000000000..5ecd89239 --- /dev/null +++ b/vendor/pkcs8/tests/examples/rsa2048-pub.pem @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtsQsUV8QpqrygsY+2+JC +Q6Fw8/omM71IM2N/R8pPbzbgOl0p78MZGsgPOQ2HSznjD0FPzsH8oO2B5Uftws04 +LHb2HJAYlz25+lN5cqfHAfa3fgmC38FfwBkn7l582UtPWZ/wcBOnyCgb3yLcvJrX +yrt8QxHJgvWO23ITrUVYszImbXQ67YGS0YhMrbixRzmo2tpm3JcIBtnHrEUMsT0N +fFdfsZhTT8YbxBvA8FdODgEwx7u/vf3J9qbi4+Kv8cvqyJuleIRSjVXPsIMnoejI +n04APPKIjpMyQdnWlby7rNyQtE4+CV+jcFjqJbE/Xilcvqxt6DirjFCvYeKYl1uH +LwIDAQAB +-----END PUBLIC KEY----- diff --git a/vendor/pkcs8/tests/examples/x25519-priv.der b/vendor/pkcs8/tests/examples/x25519-priv.der Binary files differnew file mode 100644 index 000000000..79355d27c --- /dev/null +++ b/vendor/pkcs8/tests/examples/x25519-priv.der diff --git a/vendor/pkcs8/tests/examples/x25519-priv.pem b/vendor/pkcs8/tests/examples/x25519-priv.pem new file mode 100644 index 000000000..501f95da6 --- /dev/null +++ b/vendor/pkcs8/tests/examples/x25519-priv.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VuBCIEIHBgJSkzrG56SpsOsmMsWgQKhyV624aaPszD0WtyTyZH +-----END PRIVATE KEY----- diff --git a/vendor/pkcs8/tests/private_key.rs b/vendor/pkcs8/tests/private_key.rs new file mode 100644 index 000000000..15d669495 --- /dev/null +++ b/vendor/pkcs8/tests/private_key.rs @@ -0,0 +1,182 @@ +//! PKCS#8 private key tests + +use hex_literal::hex; +use pkcs8::{PrivateKeyInfo, Version}; + +#[cfg(feature = "alloc")] +use der::Encode; + +#[cfg(feature = "pem")] +use der::{pem::LineEnding, EncodePem}; + +/// Elliptic Curve (P-256) PKCS#8 private key encoded as ASN.1 DER +const EC_P256_DER_EXAMPLE: &[u8] = include_bytes!("examples/p256-priv.der"); + +/// Ed25519 PKCS#8 v1 private key encoded as ASN.1 DER +const ED25519_DER_V1_EXAMPLE: &[u8] = include_bytes!("examples/ed25519-priv-pkcs8v1.der"); + +/// Ed25519 PKCS#8 v2 private key + public key encoded as ASN.1 DER +const ED25519_DER_V2_EXAMPLE: &[u8] = include_bytes!("examples/ed25519-priv-pkcs8v2.der"); + +/// RSA-2048 PKCS#8 private key encoded as ASN.1 DER +const RSA_2048_DER_EXAMPLE: &[u8] = include_bytes!("examples/rsa2048-priv.der"); + +/// X25519 PKCS#8 private key encoded as ASN.1 DER +const X25519_DER_EXAMPLE: &[u8] = include_bytes!("examples/x25519-priv.der"); + +/// Elliptic Curve (P-256) PKCS#8 private key encoded as PEM +#[cfg(feature = "pem")] +const EC_P256_PEM_EXAMPLE: &str = include_str!("examples/p256-priv.pem"); + +/// Ed25519 PKCS#8 private key encoded as PEM +#[cfg(feature = "pem")] +const ED25519_PEM_V1_EXAMPLE: &str = include_str!("examples/ed25519-priv-pkcs8v1.pem"); + +/// RSA-2048 PKCS#8 private key encoded as PEM +#[cfg(feature = "pem")] +const RSA_2048_PEM_EXAMPLE: &str = include_str!("examples/rsa2048-priv.pem"); + +/// X25519 PKCS#8 private key encoded as PEM +#[cfg(feature = "pem")] +const X25519_PEM_EXAMPLE: &str = include_str!("examples/x25519-priv.pem"); + +#[test] +fn decode_ec_p256_der() { + let pk = PrivateKeyInfo::try_from(EC_P256_DER_EXAMPLE).unwrap(); + + assert_eq!(pk.version(), Version::V1); + assert_eq!(pk.algorithm.oid, "1.2.840.10045.2.1".parse().unwrap()); + + assert_eq!( + pk.algorithm.parameters.unwrap().oid().unwrap(), + "1.2.840.10045.3.1.7".parse().unwrap() + ); + + // Extracted with: + // $ openssl asn1parse -inform der -in tests/examples/p256-priv.der + assert_eq!(pk.private_key, &hex!("306B020101042069624171561A63340DE0E7D869F2A05492558E1A04868B6A9F854A866788188DA144034200041CACFFB55F2F2CEFD89D89EB374B2681152452802DEEA09916068137D839CF7FC481A44492304D7EF66AC117BEFE83A8D08F155F2B52F9F618DD447029048E0F")[..]); +} + +// Test vector from RFC8410 Section 10.3: +// https://datatracker.ietf.org/doc/html/rfc8410#section-10.3 +#[test] +fn decode_ed25519_der_v1() { + let pk = PrivateKeyInfo::try_from(ED25519_DER_V1_EXAMPLE).unwrap(); + assert_eq!(pk.version(), Version::V1); + assert_eq!(pk.algorithm.oid, "1.3.101.112".parse().unwrap()); + assert_eq!(pk.algorithm.parameters, None); + + // Extracted with: + // $ openssl asn1parse -inform der -in tests/examples/ed25519-priv.der + assert_eq!( + pk.private_key, + &hex!("042017ED9C73E9DB649EC189A612831C5FC570238207C1AA9DFBD2C53E3FF5E5EA85")[..] + ); +} + +// Test vector from RFC8410 Section 10.3: +// https://datatracker.ietf.org/doc/html/rfc8410#section-10.3 +#[test] +fn decode_ed25519_der_v2() { + // Extracted with: + // $ openssl asn1parse -inform der -in tests/examples/ed25519-priv-pkcs8v2.der + const PRIV_KEY: [u8; 34] = + hex!("0420D4EE72DBF913584AD5B6D8F1F769F8AD3AFE7C28CBF1D4FBE097A88F44755842"); + const PUB_KEY: [u8; 32] = + hex!("19BF44096984CDFE8541BAC167DC3B96C85086AA30B6B6CB0C5C38AD703166E1"); + + let pk = PrivateKeyInfo::try_from(ED25519_DER_V2_EXAMPLE).unwrap(); + assert_eq!(pk.version(), Version::V2); + assert_eq!(pk.algorithm.oid, "1.3.101.112".parse().unwrap()); + assert_eq!(pk.algorithm.parameters, None); + assert_eq!(pk.private_key, PRIV_KEY); + assert_eq!(pk.public_key, Some(&PUB_KEY[..])); +} + +#[test] +fn decode_rsa_2048_der() { + let pk = PrivateKeyInfo::try_from(RSA_2048_DER_EXAMPLE).unwrap(); + assert_eq!(pk.version(), Version::V1); + assert_eq!(pk.algorithm.oid, "1.2.840.113549.1.1.1".parse().unwrap()); + assert!(pk.algorithm.parameters.unwrap().is_null()); + + // Extracted with: + // $ openssl asn1parse -inform der -in tests/examples/rsa2048-priv.der + assert_eq!(pk.private_key, &hex!("308204A30201000282010100B6C42C515F10A6AAF282C63EDBE24243A170F3FA2633BD4833637F47CA4F6F36E03A5D29EFC3191AC80F390D874B39E30F414FCEC1FCA0ED81E547EDC2CD382C76F61C9018973DB9FA537972A7C701F6B77E0982DFC15FC01927EE5E7CD94B4F599FF07013A7C8281BDF22DCBC9AD7CABB7C4311C982F58EDB7213AD4558B332266D743AED8192D1884CADB8B14739A8DADA66DC970806D9C7AC450CB13D0D7C575FB198534FC61BC41BC0F0574E0E0130C7BBBFBDFDC9F6A6E2E3E2AFF1CBEAC89BA57884528D55CFB08327A1E8C89F4E003CF2888E933241D9D695BCBBACDC90B44E3E095FA37058EA25B13F5E295CBEAC6DE838AB8C50AF61E298975B872F0203010001028201007ECC8362C0EDB0741164215E22F74AB9D91BA06900700CF63690E5114D8EE6BDCFBB2E3F9614692A677A083F168A5E52E5968E6407B9D97C6E0E4064F82DA0B758A14F17B9B7D41F5F48E28D6551704F56E69E7AA9FA630FC76428C06D25E455DCFC55B7AC2B4F76643FDED3FE15FF78ABB27E65ACC4AAD0BDF6DB27EF60A6910C5C4A085ED43275AB19C1D997A32C6EFFCE7DF2D1935F6E601EEDE161A12B5CC27CA21F81D2C99C3D1EA08E90E3053AB09BEFA724DEF0D0C3A3C1E9740C0D9F76126A149EC0AA7D8078205484254D951DB07C4CF91FB6454C096588FD5924DBABEB359CA2025268D004F9D66EB3D6F7ADC1139BAD40F16DDE639E11647376C102818100DCC061242D4E92AFAEE72AC513CA65B9F77036F9BD7E0E6E61461A7EF7654225EC153C7E5C31A6157A6E5A13FF6E178E8758C1CB33D9D6BBE3179EF18998E422ECDCBED78F4ECFDBE5F4FCD8AEC2C9D0DC86473CA9BD16D9D238D21FB5DDEFBEB143CA61D0BD6AA8D91F33A097790E9640DBC91085DC5F26343BA3138F6B2D6702818100D3F314757E40E954836F92BE24236AF2F0DA04A34653C180AF67E960086D93FDE65CB23EFD9D09374762F5981E361849AF68CDD75394FF6A4E06EB69B209E4228DB2DFA70E40F7F9750A528176647B788D0E5777A2CB8B22E3CD267FF70B4F3B02D3AAFB0E18C590A564B03188B0AA5FC48156B07622214243BD1227EFA7F2F902818100CE68B7AC1B0D100D636E55488753C5C09843FDB390E2705DF7689457C9BD8D9765E30978617E2EFC8048F4C324206DB86087B654E97BB3D464E7EE3F8CD83FE10436F7DF18E9A963C4E64911D67EDE34042F2E26E3D3A1AD346ADAD6B9B7F67708CB094E62DEE9FF4D5D6669AF988AF2255D1CE8ED317C6A7D8691DA354D12DB02818025F6E5944220286B4DFBBF4235C0EE5843D2198091895120D6CA7B200B826D3ECE738E2E00498FAC0A2A6CA969C7F0C3CA1AB0BC40297132BE7538D7BEDF4CB0EFC6B98EF7DBA54F56AA99AABCE534C49C27947D4678C51C63C78C7CE1687231B4C8EB587AE6EF0480CBAF4FC0173CFD587A7E67AF515FB9B9DE75111839722902818031995406D406207CADEAEA35B38D040C5F8A9A1AE0827E9ED06B153D83B6821935B4B36A82BE9D56C791B58C27271A5793D53A1D657C08997960B1433E5171987F452F144A7C72306D63E1D3FFC0B71B75AB08F2E45A482E988451CBE478E12EB228D07456C924B66F6CED048D853F533E31A68614F1C3CE6D8EC9983CE72AF7")[..]); +} + +#[test] +fn decode_x25519_der() { + let pk = PrivateKeyInfo::try_from(X25519_DER_EXAMPLE).unwrap(); + assert_eq!(pk.version(), Version::V1); + assert_eq!(pk.algorithm.oid, "1.3.101.110".parse().unwrap()); + assert_eq!(pk.algorithm.parameters, None); + + // Extracted with: + // $ openssl asn1parse -inform der -in tests/examples/x25519-priv.der + assert_eq!( + pk.private_key, + &hex!("04207060252933AC6E7A4A9B0EB2632C5A040A87257ADB869A3ECCC3D16B724F2647")[..] + ); +} + +#[test] +#[cfg(feature = "alloc")] +fn encode_ec_p256_der() { + let pk = PrivateKeyInfo::try_from(EC_P256_DER_EXAMPLE).unwrap(); + let pk_encoded = pk.to_vec().unwrap(); + assert_eq!(EC_P256_DER_EXAMPLE, pk_encoded); +} + +#[test] +#[cfg(feature = "alloc")] +fn encode_ed25519_der_v1() { + let pk = PrivateKeyInfo::try_from(ED25519_DER_V1_EXAMPLE).unwrap(); + assert_eq!(ED25519_DER_V1_EXAMPLE, pk.to_vec().unwrap()); +} + +#[test] +#[cfg(all(feature = "alloc", feature = "subtle"))] +fn encode_ed25519_der_v2() { + let private_key = PrivateKeyInfo::try_from(ED25519_DER_V2_EXAMPLE).unwrap(); + let private_der = private_key.to_vec().unwrap(); + assert_eq!( + private_key, + PrivateKeyInfo::try_from(private_der.as_ref()).unwrap() + ); +} + +#[test] +#[cfg(feature = "alloc")] +fn encode_rsa_2048_der() { + let pk = PrivateKeyInfo::try_from(RSA_2048_DER_EXAMPLE).unwrap(); + assert_eq!(RSA_2048_DER_EXAMPLE, &pk.to_vec().unwrap()); +} + +#[test] +#[cfg(feature = "pem")] +fn encode_ec_p256_pem() { + let pk = PrivateKeyInfo::try_from(EC_P256_DER_EXAMPLE).unwrap(); + assert_eq!(EC_P256_PEM_EXAMPLE, pk.to_pem(LineEnding::LF).unwrap()); +} + +#[test] +#[cfg(feature = "pem")] +fn encode_ed25519_pem() { + let pk = PrivateKeyInfo::try_from(ED25519_DER_V1_EXAMPLE).unwrap(); + assert_eq!(ED25519_PEM_V1_EXAMPLE, pk.to_pem(LineEnding::LF).unwrap()); +} + +#[test] +#[cfg(feature = "pem")] +fn encode_rsa_2048_pem() { + let pk = PrivateKeyInfo::try_from(RSA_2048_DER_EXAMPLE).unwrap(); + assert_eq!(RSA_2048_PEM_EXAMPLE, pk.to_pem(LineEnding::LF).unwrap()); +} + +#[test] +#[cfg(feature = "pem")] +fn encode_x25519_pem() { + let pk = PrivateKeyInfo::try_from(X25519_DER_EXAMPLE).unwrap(); + assert_eq!(X25519_PEM_EXAMPLE, pk.to_pem(LineEnding::LF).unwrap()); +} diff --git a/vendor/pkcs8/tests/traits.rs b/vendor/pkcs8/tests/traits.rs new file mode 100644 index 000000000..1c8a969bc --- /dev/null +++ b/vendor/pkcs8/tests/traits.rs @@ -0,0 +1,108 @@ +//! Tests for PKCS#8 encoding/decoding traits. + +#![cfg(any(feature = "pem", feature = "std"))] + +use der::Encode; +use pkcs8::{DecodePrivateKey, EncodePrivateKey, Error, PrivateKeyInfo, Result, SecretDocument}; + +#[cfg(feature = "pem")] +use pkcs8::der::pem::LineEnding; + +#[cfg(feature = "std")] +use tempfile::tempdir; + +#[cfg(all(feature = "pem", feature = "std"))] +use std::fs; + +/// Ed25519 `PrivateKeyInfo` encoded as ASN.1 DER +const ED25519_DER_EXAMPLE: &[u8] = include_bytes!("examples/ed25519-priv-pkcs8v1.der"); + +/// Ed25519 private key encoded as PEM +#[cfg(feature = "pem")] +const ED25519_PEM_EXAMPLE: &str = include_str!("examples/ed25519-priv-pkcs8v1.pem"); + +/// Mock key type for testing trait impls against. +pub struct MockKey(Vec<u8>); + +impl AsRef<[u8]> for MockKey { + fn as_ref(&self) -> &[u8] { + self.0.as_ref() + } +} + +impl DecodePrivateKey for MockKey { + fn from_pkcs8_der(bytes: &[u8]) -> Result<MockKey> { + Ok(MockKey(bytes.to_vec())) + } +} + +impl EncodePrivateKey for MockKey { + fn to_pkcs8_der(&self) -> Result<SecretDocument> { + Ok(SecretDocument::try_from(self.as_ref())?) + } +} + +impl TryFrom<PrivateKeyInfo<'_>> for MockKey { + type Error = Error; + + fn try_from(pkcs8: PrivateKeyInfo<'_>) -> Result<MockKey> { + Ok(MockKey(pkcs8.to_vec()?)) + } +} + +#[cfg(feature = "pem")] +#[test] +fn from_pkcs8_pem() { + let key = MockKey::from_pkcs8_pem(ED25519_PEM_EXAMPLE).unwrap(); + assert_eq!(key.as_ref(), ED25519_DER_EXAMPLE); +} + +#[cfg(feature = "std")] +#[test] +fn read_pkcs8_der_file() { + let key = MockKey::read_pkcs8_der_file("tests/examples/ed25519-priv-pkcs8v1.der").unwrap(); + assert_eq!(key.as_ref(), ED25519_DER_EXAMPLE); +} + +#[cfg(all(feature = "pem", feature = "std"))] +#[test] +fn read_pkcs8_pem_file() { + let key = MockKey::read_pkcs8_pem_file("tests/examples/ed25519-priv-pkcs8v1.pem").unwrap(); + assert_eq!(key.as_ref(), ED25519_DER_EXAMPLE); +} + +#[cfg(feature = "pem")] +#[test] +fn to_pkcs8_pem() { + let pem = MockKey(ED25519_DER_EXAMPLE.to_vec()) + .to_pkcs8_pem(LineEnding::LF) + .unwrap(); + + assert_eq!(&*pem, ED25519_PEM_EXAMPLE); +} + +#[cfg(feature = "std")] +#[test] +fn write_pkcs8_der_file() { + let dir = tempdir().unwrap(); + let path = dir.path().join("example.der"); + MockKey(ED25519_DER_EXAMPLE.to_vec()) + .write_pkcs8_der_file(&path) + .unwrap(); + + let key = MockKey::read_pkcs8_der_file(&path).unwrap(); + assert_eq!(key.as_ref(), ED25519_DER_EXAMPLE); +} + +#[cfg(all(feature = "pem", feature = "std"))] +#[test] +fn write_pkcs8_pem_file() { + let dir = tempdir().unwrap(); + let path = dir.path().join("example.pem"); + MockKey(ED25519_DER_EXAMPLE.to_vec()) + .write_pkcs8_pem_file(&path, LineEnding::LF) + .unwrap(); + + let pem = fs::read_to_string(path).unwrap(); + assert_eq!(&pem, ED25519_PEM_EXAMPLE); +} |