2016-04-21 19:50:03 -04:00
|
|
|
// Copyright 2016 The Go Authors. All rights reserved.
|
|
|
|
// Use of this source code is governed by a BSD-style
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package pkcs12
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/ecdsa"
|
|
|
|
"crypto/elliptic"
|
|
|
|
"crypto/rand"
|
|
|
|
"crypto/rsa"
|
|
|
|
"crypto/x509"
|
|
|
|
"encoding/asn1"
|
|
|
|
"testing"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestRoundTripPkcs8Rsa(t *testing.T) {
|
|
|
|
privateKey, err := rsa.GenerateKey(rand.Reader, 512)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("failed to generate a private key: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
bytes, err := marshalPKCS8PrivateKey(privateKey)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("failed to marshal private key: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
key, err := x509.ParsePKCS8PrivateKey(bytes)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("failed to parse private key: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
actualPrivateKey, ok := key.(*rsa.PrivateKey)
|
|
|
|
if !ok {
|
|
|
|
t.Fatalf("expected key to be of type *rsa.PrivateKey, but actual was %T", key)
|
|
|
|
}
|
|
|
|
|
|
|
|
if actualPrivateKey.Validate() != nil {
|
2017-09-02 19:09:29 -04:00
|
|
|
t.Fatalf("private key did not validate")
|
2016-04-21 19:50:03 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
if actualPrivateKey.N.Cmp(privateKey.N) != 0 {
|
|
|
|
t.Errorf("private key's N did not round trip")
|
|
|
|
}
|
|
|
|
if actualPrivateKey.D.Cmp(privateKey.D) != 0 {
|
|
|
|
t.Errorf("private key's D did not round trip")
|
|
|
|
}
|
|
|
|
if actualPrivateKey.E != privateKey.E {
|
|
|
|
t.Errorf("private key's E did not round trip")
|
|
|
|
}
|
|
|
|
if actualPrivateKey.Primes[0].Cmp(privateKey.Primes[0]) != 0 {
|
|
|
|
t.Errorf("private key's P did not round trip")
|
|
|
|
}
|
|
|
|
if actualPrivateKey.Primes[1].Cmp(privateKey.Primes[1]) != 0 {
|
|
|
|
t.Errorf("private key's Q did not round trip")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestRoundTripPkcs8Ecdsa(t *testing.T) {
|
|
|
|
privateKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("failed to generate a private key: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
bytes, err := marshalPKCS8PrivateKey(privateKey)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("failed to marshal private key: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
key, err := x509.ParsePKCS8PrivateKey(bytes)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("failed to parse private key: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
actualPrivateKey, ok := key.(*ecdsa.PrivateKey)
|
|
|
|
if !ok {
|
|
|
|
t.Fatalf("expected key to be of type *ecdsa.PrivateKey, but actual was %T", key)
|
|
|
|
}
|
|
|
|
|
|
|
|
// sanity check, not exhaustive
|
|
|
|
if actualPrivateKey.D.Cmp(privateKey.D) != 0 {
|
|
|
|
t.Errorf("private key's D did not round trip")
|
|
|
|
}
|
|
|
|
if actualPrivateKey.X.Cmp(privateKey.X) != 0 {
|
|
|
|
t.Errorf("private key's X did not round trip")
|
|
|
|
}
|
|
|
|
if actualPrivateKey.Y.Cmp(privateKey.Y) != 0 {
|
|
|
|
t.Errorf("private key's Y did not round trip")
|
|
|
|
}
|
|
|
|
if actualPrivateKey.Curve.Params().B.Cmp(privateKey.Curve.Params().B) != 0 {
|
|
|
|
t.Errorf("private key's Curve.B did not round trip")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestNullParametersPkcs8Rsa(t *testing.T) {
|
|
|
|
privateKey, err := rsa.GenerateKey(rand.Reader, 512)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("failed to generate a private key: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
checkNullParameter(t, privateKey)
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestNullParametersPkcs8Ecdsa(t *testing.T) {
|
|
|
|
privateKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("failed to generate a private key: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
checkNullParameter(t, privateKey)
|
|
|
|
}
|
|
|
|
|
|
|
|
func checkNullParameter(t *testing.T, privateKey interface{}) {
|
|
|
|
bytes, err := marshalPKCS8PrivateKey(privateKey)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("failed to marshal private key: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
var pkcs pkcs8
|
|
|
|
rest, err := asn1.Unmarshal(bytes, &pkcs)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("failed to unmarshal PKCS#8: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(rest) != 0 {
|
|
|
|
t.Fatalf("unexpected trailing bytes of len=%d, bytes=%x", len(rest), rest)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Only version == 0 is known and valid
|
|
|
|
if pkcs.Version != 0 {
|
|
|
|
t.Errorf("expected version=0, but actual=%d", pkcs.Version)
|
|
|
|
}
|
|
|
|
|
|
|
|
// ensure a NULL parameter is inserted
|
|
|
|
if pkcs.Algo.Parameters.Tag != 5 {
|
|
|
|
t.Errorf("expected parameters to be NULL, but actual tag=%d, class=%d, isCompound=%t, bytes=%x",
|
|
|
|
pkcs.Algo.Parameters.Tag,
|
|
|
|
pkcs.Algo.Parameters.Class,
|
|
|
|
pkcs.Algo.Parameters.IsCompound,
|
|
|
|
pkcs.Algo.Parameters.Bytes)
|
|
|
|
}
|
|
|
|
}
|