2022-09-13 20:16:43 +08:00
|
|
|
#! /usr/bin/env perl
|
2023-09-07 16:59:15 +08:00
|
|
|
# Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
|
2022-09-13 20:16:43 +08:00
|
|
|
#
|
|
|
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
|
|
# this file except in compliance with the License. You can obtain a copy
|
|
|
|
# in the file LICENSE in the source distribution or at
|
|
|
|
# https://www.openssl.org/source/license.html
|
|
|
|
|
|
|
|
use strict;
|
|
|
|
use warnings;
|
|
|
|
|
|
|
|
use OpenSSL::Test::Utils;
|
2024-09-27 13:58:33 +08:00
|
|
|
use File::Copy;
|
|
|
|
use File::Compare qw(compare_text compare);
|
2022-09-13 20:16:43 +08:00
|
|
|
use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips is_nofips/;
|
|
|
|
|
|
|
|
setup("test_pkcs8");
|
|
|
|
|
2024-09-27 13:58:33 +08:00
|
|
|
plan tests => 18;
|
|
|
|
|
|
|
|
my $pc5_key = srctop_file('test', 'certs', 'pc5-key.pem');
|
|
|
|
|
|
|
|
my $inout = 'inout.pem';
|
|
|
|
copy($pc5_key, $inout);
|
|
|
|
ok(run(app(['openssl', 'pkcs8', '-topk8', '-in', $inout,
|
|
|
|
'-out', $inout, '-passout', 'pass:password'])),
|
|
|
|
"identical infile and outfile, to PKCS#8");
|
|
|
|
ok(run(app(['openssl', 'pkcs8', '-in', $inout,
|
|
|
|
'-out', $inout, '-passin', 'pass:password'])),
|
|
|
|
"identical infile and outfile, from PKCS#8");
|
|
|
|
is(compare($pc5_key, $inout), 0,
|
|
|
|
"Same file contents after converting forth and back");
|
2023-08-28 10:47:51 +08:00
|
|
|
|
|
|
|
ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
|
2024-09-27 13:58:33 +08:00
|
|
|
'-in', $pc5_key,
|
2023-08-28 10:47:51 +08:00
|
|
|
'-out', 'pbkdf2_default_saltlen.pem',
|
|
|
|
'-passout', 'pass:password']))),
|
|
|
|
"Convert a private key to PKCS5 v2.0 format using PBKDF2 with the default saltlen");
|
|
|
|
|
|
|
|
# We expect the output to be of the form "0:d=0 hl=2 l= 16 prim: OCTET STRING [HEX DUMP]:FAC7F37508E6B7A805BF4B13861B3687"
|
|
|
|
# i.e. 2 byte header + 16 byte salt.
|
|
|
|
ok(run(app(([ 'openssl', 'asn1parse',
|
|
|
|
'-in', 'pbkdf2_default_saltlen.pem',
|
|
|
|
'-offset', '34', '-length', '18']))),
|
|
|
|
"Check the default size of the PBKDF2 PARAM 'salt length' is 16");
|
|
|
|
|
|
|
|
SKIP: {
|
2023-08-31 15:49:55 +08:00
|
|
|
skip "scrypt is not supported by this OpenSSL build", 4
|
2023-08-28 10:47:51 +08:00
|
|
|
if disabled("scrypt");
|
|
|
|
|
|
|
|
ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
|
2024-09-27 13:58:33 +08:00
|
|
|
'-in', $pc5_key,
|
2023-08-28 10:47:51 +08:00
|
|
|
'-scrypt',
|
|
|
|
'-out', 'scrypt_default_saltlen.pem',
|
|
|
|
'-passout', 'pass:password']))),
|
|
|
|
"Convert a private key to PKCS5 v2.0 format using scrypt with the default saltlen");
|
|
|
|
|
|
|
|
# We expect the output to be of the form "0:d=0 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:FAC7F37508E6B7A805BF4B13861B3687"
|
|
|
|
# i.e. 2 byte header + 16 byte salt.
|
|
|
|
ok(run(app(([ 'openssl', 'asn1parse',
|
|
|
|
'-in', 'scrypt_default_saltlen.pem',
|
|
|
|
'-offset', '34', '-length', '18']))),
|
|
|
|
"Check the default size of the SCRYPT PARAM 'salt length' = 16");
|
2023-08-31 15:49:55 +08:00
|
|
|
|
|
|
|
ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
|
2024-09-27 13:58:33 +08:00
|
|
|
'-in', $pc5_key,
|
2023-08-31 15:49:55 +08:00
|
|
|
'-scrypt',
|
|
|
|
'-saltlen', '8',
|
|
|
|
'-out', 'scrypt_64bit_saltlen.pem',
|
|
|
|
'-passout', 'pass:password']))),
|
|
|
|
"Convert a private key to PKCS5 v2.0 format using scrypt with a salt length of 8 bytes");
|
|
|
|
|
|
|
|
# We expect the output to be of the form "0:d=0 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:3C1147976A2B61CA"
|
|
|
|
# i.e. 2 byte header + 8 byte salt.
|
|
|
|
ok(run(app(([ 'openssl', 'asn1parse',
|
|
|
|
'-in', 'scrypt_64bit_saltlen.pem',
|
|
|
|
'-offset', '34', '-length', '10']))),
|
|
|
|
"Check the size of the SCRYPT PARAM 'salt length' is 8");
|
2023-08-28 10:47:51 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
SKIP: {
|
2023-08-31 15:49:55 +08:00
|
|
|
skip "legacy provider is not supported by this OpenSSL build", 4
|
2023-08-28 10:47:51 +08:00
|
|
|
if disabled('legacy') || disabled("des");
|
|
|
|
|
|
|
|
ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
|
2024-09-27 13:58:33 +08:00
|
|
|
'-in', $pc5_key,
|
2023-08-28 10:47:51 +08:00
|
|
|
'-v1', "PBE-MD5-DES",
|
|
|
|
'-provider', 'legacy',
|
|
|
|
'-provider', 'default',
|
|
|
|
'-out', 'pbe1.pem',
|
|
|
|
'-passout', 'pass:password']))),
|
|
|
|
"Convert a private key to PKCS5 v1.5 format using pbeWithMD5AndDES-CBC with the default saltlen");
|
|
|
|
|
|
|
|
ok(run(app(([ 'openssl', 'asn1parse',
|
|
|
|
'-in', 'pbe1.pem',
|
|
|
|
'-offset', '19', '-length', '10']))),
|
|
|
|
"Check the default size of the PBE PARAM 'salt length' = 8");
|
2023-08-31 15:51:46 +08:00
|
|
|
|
2023-08-31 15:49:55 +08:00
|
|
|
ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
|
2024-09-27 13:58:33 +08:00
|
|
|
'-in', $pc5_key,
|
2023-08-31 15:49:55 +08:00
|
|
|
'-v1', "PBE-MD5-DES",
|
|
|
|
'-saltlen', '16',
|
|
|
|
'-provider', 'legacy',
|
|
|
|
'-provider', 'default',
|
|
|
|
'-out', 'pbe1_128bitsalt.pem',
|
|
|
|
'-passout', 'pass:password']))),
|
|
|
|
"Convert a private key to PKCS5 v1.5 format using pbeWithMD5AndDES-CBC with the 16 byte saltlen");
|
|
|
|
|
|
|
|
ok(run(app(([ 'openssl', 'asn1parse',
|
|
|
|
'-in', 'pbe1_128bitsalt.pem',
|
|
|
|
'-offset', '19', '-length', '18']))),
|
|
|
|
"Check the size of the PBE PARAM 'salt length' = 16");
|
2023-08-28 10:47:51 +08:00
|
|
|
};
|
2022-09-13 20:16:43 +08:00
|
|
|
|
2023-08-31 15:49:55 +08:00
|
|
|
|
|
|
|
ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
|
2024-09-27 13:58:33 +08:00
|
|
|
'-in', $pc5_key,
|
2023-08-31 15:49:55 +08:00
|
|
|
'-saltlen', '8',
|
|
|
|
'-out', 'pbkdf2_64bit_saltlen.pem',
|
|
|
|
'-passout', 'pass:password']))),
|
|
|
|
"Convert a private key to PKCS5 v2.0 format using pbkdf2 with a salt length of 8 bytes");
|
|
|
|
|
|
|
|
# We expect the output to be of the form "0:d=0 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:3C1147976A2B61CA"
|
|
|
|
# i.e. 2 byte header + 8 byte salt.
|
|
|
|
ok(run(app(([ 'openssl', 'asn1parse',
|
|
|
|
'-in', 'pbkdf2_64bit_saltlen.pem',
|
|
|
|
'-offset', '34', '-length', '10']))),
|
|
|
|
"Check the size of the PBKDF2 PARAM 'salt length' is 8");
|
|
|
|
|
|
|
|
|
2022-09-13 20:16:43 +08:00
|
|
|
SKIP: {
|
|
|
|
skip "SM2, SM3 or SM4 is not supported by this OpenSSL build", 3
|
|
|
|
if disabled("sm2") || disabled("sm3") || disabled("sm4");
|
|
|
|
|
|
|
|
ok_nofips(run(app(([ 'openssl', 'pkcs8', '-topk8',
|
|
|
|
'-in', srctop_file('test', 'certs', 'sm2.key'),
|
|
|
|
'-out', 'sm2-pbes2-sm4-hmacWithSM3.key',
|
|
|
|
'-passout', 'pass:password',
|
|
|
|
'-v2', 'sm4', '-v2prf', 'hmacWithSM3']))),
|
|
|
|
"Convert a private key to PKCS#5 v2.0 format using SM4 and hmacWithSM3");
|
|
|
|
|
|
|
|
ok_nofips(run(app(([ 'openssl', 'pkcs8', '-topk8',
|
|
|
|
'-in', 'sm2-pbes2-sm4-hmacWithSM3.key',
|
|
|
|
'-out', 'sm2.key',
|
|
|
|
'-passin', 'pass:password', '-nocrypt',
|
|
|
|
'-v2', 'sm4', '-v2prf', 'hmacWithSM3']))),
|
|
|
|
"Convert from PKCS#5 v2.0 format to PKCS#8 unencrypted format");
|
|
|
|
|
2022-12-22 18:26:14 +08:00
|
|
|
is_nofips(compare_text(srctop_file('test', 'certs', 'sm2.key'), 'sm2.key',
|
|
|
|
sub {
|
|
|
|
my $in1 = $_[0];
|
|
|
|
my $in2 = $_[1];
|
|
|
|
$in1 =~ s/\r\n/\n/g;
|
|
|
|
$in2 =~ s/\r\n/\n/g;
|
|
|
|
$in1 ne $in2
|
|
|
|
}), 0, "compare test/certs/sm2.key to sm2.key")
|
2022-09-13 20:16:43 +08:00
|
|
|
}
|