1#! /usr/bin/env perl 2# Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the Apache License 2.0 (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9use strict; 10use warnings; 11 12use OpenSSL::Test::Utils; 13use File::Compare qw(compare_text); 14use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips is_nofips/; 15 16setup("test_pkcs8"); 17 18plan tests => 15; 19 20ok(run(app(([ 'openssl', 'pkcs8', '-topk8', 21 '-in', srctop_file('test', 'certs', 'pc5-key.pem'), 22 '-out', 'pbkdf2_default_saltlen.pem', 23 '-passout', 'pass:password']))), 24 "Convert a private key to PKCS5 v2.0 format using PBKDF2 with the default saltlen"); 25 26# We expect the output to be of the form "0:d=0 hl=2 l= 16 prim: OCTET STRING [HEX DUMP]:FAC7F37508E6B7A805BF4B13861B3687" 27# i.e. 2 byte header + 16 byte salt. 28ok(run(app(([ 'openssl', 'asn1parse', 29 '-in', 'pbkdf2_default_saltlen.pem', 30 '-offset', '34', '-length', '18']))), 31 "Check the default size of the PBKDF2 PARAM 'salt length' is 16"); 32 33SKIP: { 34 skip "scrypt is not supported by this OpenSSL build", 4 35 if disabled("scrypt"); 36 37 ok(run(app(([ 'openssl', 'pkcs8', '-topk8', 38 '-in', srctop_file('test', 'certs', 'pc5-key.pem'), 39 '-scrypt', 40 '-out', 'scrypt_default_saltlen.pem', 41 '-passout', 'pass:password']))), 42 "Convert a private key to PKCS5 v2.0 format using scrypt with the default saltlen"); 43 44# We expect the output to be of the form "0:d=0 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:FAC7F37508E6B7A805BF4B13861B3687" 45# i.e. 2 byte header + 16 byte salt. 46 ok(run(app(([ 'openssl', 'asn1parse', 47 '-in', 'scrypt_default_saltlen.pem', 48 '-offset', '34', '-length', '18']))), 49 "Check the default size of the SCRYPT PARAM 'salt length' = 16"); 50 51 ok(run(app(([ 'openssl', 'pkcs8', '-topk8', 52 '-in', srctop_file('test', 'certs', 'pc5-key.pem'), 53 '-scrypt', 54 '-saltlen', '8', 55 '-out', 'scrypt_64bit_saltlen.pem', 56 '-passout', 'pass:password']))), 57 "Convert a private key to PKCS5 v2.0 format using scrypt with a salt length of 8 bytes"); 58 59# We expect the output to be of the form "0:d=0 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:3C1147976A2B61CA" 60# i.e. 2 byte header + 8 byte salt. 61 ok(run(app(([ 'openssl', 'asn1parse', 62 '-in', 'scrypt_64bit_saltlen.pem', 63 '-offset', '34', '-length', '10']))), 64 "Check the size of the SCRYPT PARAM 'salt length' is 8"); 65} 66 67SKIP: { 68 skip "legacy provider is not supported by this OpenSSL build", 4 69 if disabled('legacy') || disabled("des"); 70 71 ok(run(app(([ 'openssl', 'pkcs8', '-topk8', 72 '-in', srctop_file('test', 'certs', 'pc5-key.pem'), 73 '-v1', "PBE-MD5-DES", 74 '-provider', 'legacy', 75 '-provider', 'default', 76 '-out', 'pbe1.pem', 77 '-passout', 'pass:password']))), 78 "Convert a private key to PKCS5 v1.5 format using pbeWithMD5AndDES-CBC with the default saltlen"); 79 80 ok(run(app(([ 'openssl', 'asn1parse', 81 '-in', 'pbe1.pem', 82 '-offset', '19', '-length', '10']))), 83 "Check the default size of the PBE PARAM 'salt length' = 8"); 84 85 ok(run(app(([ 'openssl', 'pkcs8', '-topk8', 86 '-in', srctop_file('test', 'certs', 'pc5-key.pem'), 87 '-v1', "PBE-MD5-DES", 88 '-saltlen', '16', 89 '-provider', 'legacy', 90 '-provider', 'default', 91 '-out', 'pbe1_128bitsalt.pem', 92 '-passout', 'pass:password']))), 93 "Convert a private key to PKCS5 v1.5 format using pbeWithMD5AndDES-CBC with the 16 byte saltlen"); 94 95 ok(run(app(([ 'openssl', 'asn1parse', 96 '-in', 'pbe1_128bitsalt.pem', 97 '-offset', '19', '-length', '18']))), 98 "Check the size of the PBE PARAM 'salt length' = 16"); 99}; 100 101 102ok(run(app(([ 'openssl', 'pkcs8', '-topk8', 103 '-in', srctop_file('test', 'certs', 'pc5-key.pem'), 104 '-saltlen', '8', 105 '-out', 'pbkdf2_64bit_saltlen.pem', 106 '-passout', 'pass:password']))), 107 "Convert a private key to PKCS5 v2.0 format using pbkdf2 with a salt length of 8 bytes"); 108 109# We expect the output to be of the form "0:d=0 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:3C1147976A2B61CA" 110# i.e. 2 byte header + 8 byte salt. 111ok(run(app(([ 'openssl', 'asn1parse', 112 '-in', 'pbkdf2_64bit_saltlen.pem', 113 '-offset', '34', '-length', '10']))), 114 "Check the size of the PBKDF2 PARAM 'salt length' is 8"); 115 116 117SKIP: { 118 skip "SM2, SM3 or SM4 is not supported by this OpenSSL build", 3 119 if disabled("sm2") || disabled("sm3") || disabled("sm4"); 120 121 ok_nofips(run(app(([ 'openssl', 'pkcs8', '-topk8', 122 '-in', srctop_file('test', 'certs', 'sm2.key'), 123 '-out', 'sm2-pbes2-sm4-hmacWithSM3.key', 124 '-passout', 'pass:password', 125 '-v2', 'sm4', '-v2prf', 'hmacWithSM3']))), 126 "Convert a private key to PKCS#5 v2.0 format using SM4 and hmacWithSM3"); 127 128 ok_nofips(run(app(([ 'openssl', 'pkcs8', '-topk8', 129 '-in', 'sm2-pbes2-sm4-hmacWithSM3.key', 130 '-out', 'sm2.key', 131 '-passin', 'pass:password', '-nocrypt', 132 '-v2', 'sm4', '-v2prf', 'hmacWithSM3']))), 133 "Convert from PKCS#5 v2.0 format to PKCS#8 unencrypted format"); 134 135 is_nofips(compare_text(srctop_file('test', 'certs', 'sm2.key'), 'sm2.key', 136 sub { 137 my $in1 = $_[0]; 138 my $in2 = $_[1]; 139 $in1 =~ s/\r\n/\n/g; 140 $in2 =~ s/\r\n/\n/g; 141 $in1 ne $in2 142 }), 0, "compare test/certs/sm2.key to sm2.key") 143} 144