]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/recipes/25-test_pkcs8.t
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Raise an error on syscall failure in tls_retry_write_records
[thirdparty/openssl.git] / test / recipes / 25-test_pkcs8.t
1 #! /usr/bin/env perl
2 # Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
3 #
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
8
9 use strict;
10 use warnings;
11
12 use OpenSSL::Test::Utils;
13 use File::Compare qw(compare_text);
14 use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips is_nofips/;
15
16 setup("test_pkcs8");
17
18 plan tests => 15;
19
20 ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
21 '-in', srctop_file('test', 'certs', 'pc5-key.pem'),
22 '-out', 'pbkdf2_default_saltlen.pem',
23 '-passout', 'pass:password']))),
24 "Convert a private key to PKCS5 v2.0 format using PBKDF2 with the default saltlen");
25
26 # We expect the output to be of the form "0:d=0 hl=2 l= 16 prim: OCTET STRING [HEX DUMP]:FAC7F37508E6B7A805BF4B13861B3687"
27 # i.e. 2 byte header + 16 byte salt.
28 ok(run(app(([ 'openssl', 'asn1parse',
29 '-in', 'pbkdf2_default_saltlen.pem',
30 '-offset', '34', '-length', '18']))),
31 "Check the default size of the PBKDF2 PARAM 'salt length' is 16");
32
33 SKIP: {
34 skip "scrypt is not supported by this OpenSSL build", 4
35 if disabled("scrypt");
36
37 ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
38 '-in', srctop_file('test', 'certs', 'pc5-key.pem'),
39 '-scrypt',
40 '-out', 'scrypt_default_saltlen.pem',
41 '-passout', 'pass:password']))),
42 "Convert a private key to PKCS5 v2.0 format using scrypt with the default saltlen");
43
44 # We expect the output to be of the form "0:d=0 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:FAC7F37508E6B7A805BF4B13861B3687"
45 # i.e. 2 byte header + 16 byte salt.
46 ok(run(app(([ 'openssl', 'asn1parse',
47 '-in', 'scrypt_default_saltlen.pem',
48 '-offset', '34', '-length', '18']))),
49 "Check the default size of the SCRYPT PARAM 'salt length' = 16");
50
51 ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
52 '-in', srctop_file('test', 'certs', 'pc5-key.pem'),
53 '-scrypt',
54 '-saltlen', '8',
55 '-out', 'scrypt_64bit_saltlen.pem',
56 '-passout', 'pass:password']))),
57 "Convert a private key to PKCS5 v2.0 format using scrypt with a salt length of 8 bytes");
58
59 # We expect the output to be of the form "0:d=0 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:3C1147976A2B61CA"
60 # i.e. 2 byte header + 8 byte salt.
61 ok(run(app(([ 'openssl', 'asn1parse',
62 '-in', 'scrypt_64bit_saltlen.pem',
63 '-offset', '34', '-length', '10']))),
64 "Check the size of the SCRYPT PARAM 'salt length' is 8");
65 }
66
67 SKIP: {
68 skip "legacy provider is not supported by this OpenSSL build", 4
69 if disabled('legacy') || disabled("des");
70
71 ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
72 '-in', srctop_file('test', 'certs', 'pc5-key.pem'),
73 '-v1', "PBE-MD5-DES",
74 '-provider', 'legacy',
75 '-provider', 'default',
76 '-out', 'pbe1.pem',
77 '-passout', 'pass:password']))),
78 "Convert a private key to PKCS5 v1.5 format using pbeWithMD5AndDES-CBC with the default saltlen");
79
80 ok(run(app(([ 'openssl', 'asn1parse',
81 '-in', 'pbe1.pem',
82 '-offset', '19', '-length', '10']))),
83 "Check the default size of the PBE PARAM 'salt length' = 8");
84
85 ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
86 '-in', srctop_file('test', 'certs', 'pc5-key.pem'),
87 '-v1', "PBE-MD5-DES",
88 '-saltlen', '16',
89 '-provider', 'legacy',
90 '-provider', 'default',
91 '-out', 'pbe1_128bitsalt.pem',
92 '-passout', 'pass:password']))),
93 "Convert a private key to PKCS5 v1.5 format using pbeWithMD5AndDES-CBC with the 16 byte saltlen");
94
95 ok(run(app(([ 'openssl', 'asn1parse',
96 '-in', 'pbe1_128bitsalt.pem',
97 '-offset', '19', '-length', '18']))),
98 "Check the size of the PBE PARAM 'salt length' = 16");
99 };
100
101
102 ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
103 '-in', srctop_file('test', 'certs', 'pc5-key.pem'),
104 '-saltlen', '8',
105 '-out', 'pbkdf2_64bit_saltlen.pem',
106 '-passout', 'pass:password']))),
107 "Convert a private key to PKCS5 v2.0 format using pbkdf2 with a salt length of 8 bytes");
108
109 # We expect the output to be of the form "0:d=0 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:3C1147976A2B61CA"
110 # i.e. 2 byte header + 8 byte salt.
111 ok(run(app(([ 'openssl', 'asn1parse',
112 '-in', 'pbkdf2_64bit_saltlen.pem',
113 '-offset', '34', '-length', '10']))),
114 "Check the size of the PBKDF2 PARAM 'salt length' is 8");
115
116
117 SKIP: {
118 skip "SM2, SM3 or SM4 is not supported by this OpenSSL build", 3
119 if disabled("sm2") || disabled("sm3") || disabled("sm4");
120
121 ok_nofips(run(app(([ 'openssl', 'pkcs8', '-topk8',
122 '-in', srctop_file('test', 'certs', 'sm2.key'),
123 '-out', 'sm2-pbes2-sm4-hmacWithSM3.key',
124 '-passout', 'pass:password',
125 '-v2', 'sm4', '-v2prf', 'hmacWithSM3']))),
126 "Convert a private key to PKCS#5 v2.0 format using SM4 and hmacWithSM3");
127
128 ok_nofips(run(app(([ 'openssl', 'pkcs8', '-topk8',
129 '-in', 'sm2-pbes2-sm4-hmacWithSM3.key',
130 '-out', 'sm2.key',
131 '-passin', 'pass:password', '-nocrypt',
132 '-v2', 'sm4', '-v2prf', 'hmacWithSM3']))),
133 "Convert from PKCS#5 v2.0 format to PKCS#8 unencrypted format");
134
135 is_nofips(compare_text(srctop_file('test', 'certs', 'sm2.key'), 'sm2.key',
136 sub {
137 my $in1 = $_[0];
138 my $in2 = $_[1];
139 $in1 =~ s/\r\n/\n/g;
140 $in2 =~ s/\r\n/\n/g;
141 $in1 ne $in2
142 }), 0, "compare test/certs/sm2.key to sm2.key")
143 }
A mirror of the official openssl repository