25-test_pkcs8.t 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143
  1. #! /usr/bin/env perl
  2. # Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. use strict;
  9. use warnings;
  10. use OpenSSL::Test::Utils;
  11. use File::Compare qw(compare_text);
  12. use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips is_nofips/;
  13. setup("test_pkcs8");
  14. plan tests => 15;
  15. ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
  16. '-in', srctop_file('test', 'certs', 'pc5-key.pem'),
  17. '-out', 'pbkdf2_default_saltlen.pem',
  18. '-passout', 'pass:password']))),
  19. "Convert a private key to PKCS5 v2.0 format using PBKDF2 with the default saltlen");
  20. # We expect the output to be of the form "0:d=0 hl=2 l= 16 prim: OCTET STRING [HEX DUMP]:FAC7F37508E6B7A805BF4B13861B3687"
  21. # i.e. 2 byte header + 16 byte salt.
  22. ok(run(app(([ 'openssl', 'asn1parse',
  23. '-in', 'pbkdf2_default_saltlen.pem',
  24. '-offset', '34', '-length', '18']))),
  25. "Check the default size of the PBKDF2 PARAM 'salt length' is 16");
  26. SKIP: {
  27. skip "scrypt is not supported by this OpenSSL build", 4
  28. if disabled("scrypt");
  29. ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
  30. '-in', srctop_file('test', 'certs', 'pc5-key.pem'),
  31. '-scrypt',
  32. '-out', 'scrypt_default_saltlen.pem',
  33. '-passout', 'pass:password']))),
  34. "Convert a private key to PKCS5 v2.0 format using scrypt with the default saltlen");
  35. # We expect the output to be of the form "0:d=0 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:FAC7F37508E6B7A805BF4B13861B3687"
  36. # i.e. 2 byte header + 16 byte salt.
  37. ok(run(app(([ 'openssl', 'asn1parse',
  38. '-in', 'scrypt_default_saltlen.pem',
  39. '-offset', '34', '-length', '18']))),
  40. "Check the default size of the SCRYPT PARAM 'salt length' = 16");
  41. ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
  42. '-in', srctop_file('test', 'certs', 'pc5-key.pem'),
  43. '-scrypt',
  44. '-saltlen', '8',
  45. '-out', 'scrypt_64bit_saltlen.pem',
  46. '-passout', 'pass:password']))),
  47. "Convert a private key to PKCS5 v2.0 format using scrypt with a salt length of 8 bytes");
  48. # We expect the output to be of the form "0:d=0 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:3C1147976A2B61CA"
  49. # i.e. 2 byte header + 8 byte salt.
  50. ok(run(app(([ 'openssl', 'asn1parse',
  51. '-in', 'scrypt_64bit_saltlen.pem',
  52. '-offset', '34', '-length', '10']))),
  53. "Check the size of the SCRYPT PARAM 'salt length' is 8");
  54. }
  55. SKIP: {
  56. skip "legacy provider is not supported by this OpenSSL build", 4
  57. if disabled('legacy') || disabled("des");
  58. ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
  59. '-in', srctop_file('test', 'certs', 'pc5-key.pem'),
  60. '-v1', "PBE-MD5-DES",
  61. '-provider', 'legacy',
  62. '-provider', 'default',
  63. '-out', 'pbe1.pem',
  64. '-passout', 'pass:password']))),
  65. "Convert a private key to PKCS5 v1.5 format using pbeWithMD5AndDES-CBC with the default saltlen");
  66. ok(run(app(([ 'openssl', 'asn1parse',
  67. '-in', 'pbe1.pem',
  68. '-offset', '19', '-length', '10']))),
  69. "Check the default size of the PBE PARAM 'salt length' = 8");
  70. ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
  71. '-in', srctop_file('test', 'certs', 'pc5-key.pem'),
  72. '-v1', "PBE-MD5-DES",
  73. '-saltlen', '16',
  74. '-provider', 'legacy',
  75. '-provider', 'default',
  76. '-out', 'pbe1_128bitsalt.pem',
  77. '-passout', 'pass:password']))),
  78. "Convert a private key to PKCS5 v1.5 format using pbeWithMD5AndDES-CBC with the 16 byte saltlen");
  79. ok(run(app(([ 'openssl', 'asn1parse',
  80. '-in', 'pbe1_128bitsalt.pem',
  81. '-offset', '19', '-length', '18']))),
  82. "Check the size of the PBE PARAM 'salt length' = 16");
  83. };
  84. ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
  85. '-in', srctop_file('test', 'certs', 'pc5-key.pem'),
  86. '-saltlen', '8',
  87. '-out', 'pbkdf2_64bit_saltlen.pem',
  88. '-passout', 'pass:password']))),
  89. "Convert a private key to PKCS5 v2.0 format using pbkdf2 with a salt length of 8 bytes");
  90. # We expect the output to be of the form "0:d=0 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:3C1147976A2B61CA"
  91. # i.e. 2 byte header + 8 byte salt.
  92. ok(run(app(([ 'openssl', 'asn1parse',
  93. '-in', 'pbkdf2_64bit_saltlen.pem',
  94. '-offset', '34', '-length', '10']))),
  95. "Check the size of the PBKDF2 PARAM 'salt length' is 8");
  96. SKIP: {
  97. skip "SM2, SM3 or SM4 is not supported by this OpenSSL build", 3
  98. if disabled("sm2") || disabled("sm3") || disabled("sm4");
  99. ok_nofips(run(app(([ 'openssl', 'pkcs8', '-topk8',
  100. '-in', srctop_file('test', 'certs', 'sm2.key'),
  101. '-out', 'sm2-pbes2-sm4-hmacWithSM3.key',
  102. '-passout', 'pass:password',
  103. '-v2', 'sm4', '-v2prf', 'hmacWithSM3']))),
  104. "Convert a private key to PKCS#5 v2.0 format using SM4 and hmacWithSM3");
  105. ok_nofips(run(app(([ 'openssl', 'pkcs8', '-topk8',
  106. '-in', 'sm2-pbes2-sm4-hmacWithSM3.key',
  107. '-out', 'sm2.key',
  108. '-passin', 'pass:password', '-nocrypt',
  109. '-v2', 'sm4', '-v2prf', 'hmacWithSM3']))),
  110. "Convert from PKCS#5 v2.0 format to PKCS#8 unencrypted format");
  111. is_nofips(compare_text(srctop_file('test', 'certs', 'sm2.key'), 'sm2.key',
  112. sub {
  113. my $in1 = $_[0];
  114. my $in2 = $_[1];
  115. $in1 =~ s/\r\n/\n/g;
  116. $in2 =~ s/\r\n/\n/g;
  117. $in1 ne $in2
  118. }), 0, "compare test/certs/sm2.key to sm2.key")
  119. }