studio/cli
2
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 4 Wiki Activity
Files
e568ddf82a21e9d069f067c06ff6055446042155
cli/vendor/pkcs5/tests/encryption.rs

130 lines
5.1 KiB
Rust
Raw Normal View History

chore: checkpoint before Python removal
2026-03-26 22:33:59 +00:00
//! PBES2 encryption tests
#![cfg(feature = "pbes2")]
use hex_literal::hex;
/// PBES2 + PBKDF2-SHA256 + AES-256-CBC `AlgorithmIdentifier` example.
///
/// Generated by OpenSSL and extracted from the `pkcs8` crate's
/// `tests/examples/ed25519-encpriv-aes256-pbkdf2-sha256.der` test vector.
const PBES2_PBKDF2_SHA256_AES256CBC_ALG_ID: &[u8] = &hex!(
"305706092a864886f70d01050d304a302906092a864886f70d01050c301c0408
79d982e70df91a8802020800300c06082a864886f70d02090500301d06096086
4801650304012a0410b2d02d78b2efd9dff694cf8e0af40925"
);
/// PBES2 + scrypt + AES-256-CBC `AlgorithmIdentifier` example.
///
/// Generated by OpenSSL and extracted from the `pkcs8` crate's
/// `ed25519-encpriv-aes256-scrypt.der` test vector.
const PBES2_SCRYPT_AES256CBC_ALG_ID: &[u8] = &hex!(
"304f06092a864886f70d01050d3042302106092b06010401da47040b30140408
e6211e2348ad69e002024000020108020101301d060960864801650304012a041
09bd0a6251f2254f9fd5963887c27cf01"
);
/// Plaintext of Ed25519 PKCS#8 private key.
///
/// This is the hex-encoded contents of `ed25519-priv.der` from
/// `pkcs8/tests/examples`.
const ED25519_PKCS8_KEY_PLAINTEXT: &[u8] = &hex!(
"302e020100300506032b65700422042017ed9c73e9db649ec189a612831c5fc5
70238207c1aa9dfbd2c53e3ff5e5ea85"
);
/// Ciphertext of Ed25519 PKCS#8 private key when encrypted using
/// PBKDF2-SHA256 as the KDF.
///
/// Extracted with:
/// $ openssl asn1parse -inform der -in pkcs8/tests/examples/ed25519-encpriv-aes256-pbkdf2-sha256.der
const ED25519_PKCS8_KEY_CIPHERTEXT_PBKDF2_SHA256: &[u8] = &hex!(
"D0CD6C770F4BB87176422305C17401809E226674CE74185D221BFDAA95069890
C8882FCE02B05D41BCBF54B035595BCD4154B32593708469B86AACF8815A7B2B"
);
/// Ciphertext of Ed25519 PKCS#8 private key when encrypted using
/// scrypt as the KDF.
///
/// Extracted with:
/// $ openssl asn1parse -inform der -in pkcs8/tests/examples/ed25519-encpriv-aes256-scrypt.der
const ED25519_PKCS8_KEY_CIPHERTEXT_SCRYPT: &[u8] = &hex!(
"CC62BA773C0F495FAB3668E4FCEFCDB08E78A0EE15E0A15013F62ABE08DAA742
065EEB366D6E6C98CC3B0E7E69BDC861C88AFEB8F03DBA1E2C6D99D06D17360C"
);
/// PBES2 + DES-EDE3-CBC + PBKDF-SHA2 `AlgorithmIdentifier` example.
///
/// Generated by OpenSSL and extracted from the `pkcs8` crate's
/// `ed25519-encpriv-des3-pbkdf-sha256.der` test vector.
#[cfg(feature = "3des")]
const PBES2_PBKDF2_SHA256_DESEDE3CBC_ALG_ID: &[u8] = &hex!(
"304e06092a864886f70d01050d 3041302906092a864886f70d01050c301c0408
32a0ae2e01bbe32902020800300c06082a864886f70d02090500301406 082a864
886f70d0307040897e8f53ab0aca359"
);
/// Ciphertext of Ed25519 PKCS8 private key encrypted with DES-EDE3-CBC
/// and PBKDF2-SHA265
#[cfg(feature = "3des")]
const ED25519_PKCS8_KEY_CIPHERTEXT_DESEDE3CBC: &[u8] = &hex!(
"2D8E4CBA271A1D33659426883BB7B405D5CFFC64AEE868AB0B5774B88C12056FE
C6CAE1D9A12DDE51140DFD799D825ACD592172763866F93"
);
/// PBES2 + DES-CBC + PBKDF-SHA2 `AlgorithmIdentifier` example.
///
/// Generated by OpenSSL and extracted from the `pkcs8` crate's
/// `ed25519-encpriv-des-pbkdf-sha256.der` test vector.
#[cfg(feature = "des-insecure")]
const PBES2_PBKDF2_SHA256_DESCBC_ALG_ID: &[u8] = &hex!(
"304b06092a864886f70d01050d303e302906092a864886f70d01050c301c04080
9e7edfbd9f21e2b02020800300c06082a864886f70d02090500301106052b0e030
2070408f4aaf206a18de7ad"
);
/// Ciphertext of Ed25519 PKCS8 private key encrypted with DES-EDE3-CBC
/// and PBKDF2-SHA265
#[cfg(feature = "des-insecure")]
const ED25519_PKCS8_KEY_CIPHERTEXT_DESCBC: &[u8] = &hex!(
"FE9BB48DBEB61112A44CD9A20870CAEA642B4D3110AE7783022B4E3A84CC9F7
93E4E3893840181FBC63D75297B416A0B96CB7F9AB45CEABA"
);
/// Password used to encrypt the keys.
const PASSWORD: &[u8] = b"hunter42"; // Bad password; don't actually use outside tests!
#[test]
fn decrypt_pbes2_pbkdf2_sha256_aes256cbc() {
let scheme = pkcs5::EncryptionScheme::try_from(PBES2_PBKDF2_SHA256_AES256CBC_ALG_ID).unwrap();
let mut buffer = Vec::from(ED25519_PKCS8_KEY_CIPHERTEXT_PBKDF2_SHA256);
let plaintext = scheme.decrypt_in_place(PASSWORD, &mut buffer).unwrap();
assert_eq!(plaintext, ED25519_PKCS8_KEY_PLAINTEXT);
}
#[test]
fn decrypt_pbes2_scrypt_aes256cbc() {
let scheme = pkcs5::EncryptionScheme::try_from(PBES2_SCRYPT_AES256CBC_ALG_ID).unwrap();
let mut buffer = Vec::from(ED25519_PKCS8_KEY_CIPHERTEXT_SCRYPT);
let plaintext = scheme.decrypt_in_place(PASSWORD, &mut buffer).unwrap();
assert_eq!(plaintext, ED25519_PKCS8_KEY_PLAINTEXT);
}
#[test]
#[cfg(feature = "3des")]
fn decrypt_pbes2_pbkdf2_sha256_desede3cbc() {
let scheme = pkcs5::EncryptionScheme::try_from(PBES2_PBKDF2_SHA256_DESEDE3CBC_ALG_ID).unwrap();
let mut buffer = Vec::from(ED25519_PKCS8_KEY_CIPHERTEXT_DESEDE3CBC);
let plaintext = scheme.decrypt_in_place(PASSWORD, &mut buffer).unwrap();
assert_eq!(plaintext, ED25519_PKCS8_KEY_PLAINTEXT);
}
#[test]
#[cfg(feature = "des-insecure")]
fn decrypt_pbes2_pbkdf2_sha256_descbc() {
let scheme = pkcs5::EncryptionScheme::try_from(PBES2_PBKDF2_SHA256_DESCBC_ALG_ID).unwrap();
let mut buffer = Vec::from(ED25519_PKCS8_KEY_CIPHERTEXT_DESCBC);
let plaintext = scheme.decrypt_in_place(PASSWORD, &mut buffer).unwrap();
assert_eq!(plaintext, ED25519_PKCS8_KEY_PLAINTEXT);
}
Reference in New Issue Copy Permalink