chore: checkpoint before Python removal

vendor/pkcs5/tests/encryption.rs

@@ -0,0 +1,129 @@
+//! PBES2 encryption tests
+
+#![cfg(feature = "pbes2")]
+
+use hex_literal::hex;
+
+/// PBES2 + PBKDF2-SHA256 + AES-256-CBC `AlgorithmIdentifier` example.
+///
+/// Generated by OpenSSL and extracted from the `pkcs8` crate's
+/// `tests/examples/ed25519-encpriv-aes256-pbkdf2-sha256.der` test vector.
+const PBES2_PBKDF2_SHA256_AES256CBC_ALG_ID: &[u8] = &hex!(
+    "305706092a864886f70d01050d304a302906092a864886f70d01050c301c0408
+     79d982e70df91a8802020800300c06082a864886f70d02090500301d06096086
+     4801650304012a0410b2d02d78b2efd9dff694cf8e0af40925"
+);
+
+/// PBES2 + scrypt + AES-256-CBC `AlgorithmIdentifier` example.
+///
+/// Generated by OpenSSL and extracted from the `pkcs8` crate's
+/// `ed25519-encpriv-aes256-scrypt.der` test vector.
+const PBES2_SCRYPT_AES256CBC_ALG_ID: &[u8] = &hex!(
+    "304f06092a864886f70d01050d3042302106092b06010401da47040b30140408
+    e6211e2348ad69e002024000020108020101301d060960864801650304012a041
+    09bd0a6251f2254f9fd5963887c27cf01"
+);
+
+/// Plaintext of Ed25519 PKCS#8 private key.
+///
+/// This is the hex-encoded contents of `ed25519-priv.der` from
+/// `pkcs8/tests/examples`.
+const ED25519_PKCS8_KEY_PLAINTEXT: &[u8] = &hex!(
+    "302e020100300506032b65700422042017ed9c73e9db649ec189a612831c5fc5
+     70238207c1aa9dfbd2c53e3ff5e5ea85"
+);
+
+/// Ciphertext of Ed25519 PKCS#8 private key when encrypted using
+/// PBKDF2-SHA256 as the KDF.
+///
+/// Extracted with:
+/// $ openssl asn1parse -inform der -in pkcs8/tests/examples/ed25519-encpriv-aes256-pbkdf2-sha256.der
+const ED25519_PKCS8_KEY_CIPHERTEXT_PBKDF2_SHA256: &[u8] = &hex!(
+    "D0CD6C770F4BB87176422305C17401809E226674CE74185D221BFDAA95069890
+     C8882FCE02B05D41BCBF54B035595BCD4154B32593708469B86AACF8815A7B2B"
+);
+
+/// Ciphertext of Ed25519 PKCS#8 private key when encrypted using
+/// scrypt as the KDF.
+///
+/// Extracted with:
+/// $ openssl asn1parse -inform der -in pkcs8/tests/examples/ed25519-encpriv-aes256-scrypt.der
+const ED25519_PKCS8_KEY_CIPHERTEXT_SCRYPT: &[u8] = &hex!(
+    "CC62BA773C0F495FAB3668E4FCEFCDB08E78A0EE15E0A15013F62ABE08DAA742
+     065EEB366D6E6C98CC3B0E7E69BDC861C88AFEB8F03DBA1E2C6D99D06D17360C"
+);
+
+/// PBES2 + DES-EDE3-CBC + PBKDF-SHA2 `AlgorithmIdentifier` example.
+///
+/// Generated by OpenSSL and extracted from the `pkcs8` crate's
+/// `ed25519-encpriv-des3-pbkdf-sha256.der` test vector.
+#[cfg(feature = "3des")]
+const PBES2_PBKDF2_SHA256_DESEDE3CBC_ALG_ID: &[u8] = &hex!(
+    "304e06092a864886f70d01050d 3041302906092a864886f70d01050c301c0408
+    32a0ae2e01bbe32902020800300c06082a864886f70d02090500301406 082a864
+    886f70d0307040897e8f53ab0aca359"
+);
+
+/// Ciphertext of Ed25519 PKCS8 private key encrypted with DES-EDE3-CBC
+/// and PBKDF2-SHA265
+#[cfg(feature = "3des")]
+const ED25519_PKCS8_KEY_CIPHERTEXT_DESEDE3CBC: &[u8] = &hex!(
+    "2D8E4CBA271A1D33659426883BB7B405D5CFFC64AEE868AB0B5774B88C12056FE
+     C6CAE1D9A12DDE51140DFD799D825ACD592172763866F93"
+);
+
+/// PBES2 + DES-CBC + PBKDF-SHA2 `AlgorithmIdentifier` example.
+///
+/// Generated by OpenSSL and extracted from the `pkcs8` crate's
+/// `ed25519-encpriv-des-pbkdf-sha256.der` test vector.
+#[cfg(feature = "des-insecure")]
+const PBES2_PBKDF2_SHA256_DESCBC_ALG_ID: &[u8] = &hex!(
+    "304b06092a864886f70d01050d303e302906092a864886f70d01050c301c04080
+    9e7edfbd9f21e2b02020800300c06082a864886f70d02090500301106052b0e030
+    2070408f4aaf206a18de7ad"
+);
+
+/// Ciphertext of Ed25519 PKCS8 private key encrypted with DES-EDE3-CBC
+/// and PBKDF2-SHA265
+#[cfg(feature = "des-insecure")]
+const ED25519_PKCS8_KEY_CIPHERTEXT_DESCBC: &[u8] = &hex!(
+    "FE9BB48DBEB61112A44CD9A20870CAEA642B4D3110AE7783022B4E3A84CC9F7
+    93E4E3893840181FBC63D75297B416A0B96CB7F9AB45CEABA"
+);
+
+/// Password used to encrypt the keys.
+const PASSWORD: &[u8] = b"hunter42"; // Bad password; don't actually use outside tests!
+
+#[test]
+fn decrypt_pbes2_pbkdf2_sha256_aes256cbc() {
+    let scheme = pkcs5::EncryptionScheme::try_from(PBES2_PBKDF2_SHA256_AES256CBC_ALG_ID).unwrap();
+    let mut buffer = Vec::from(ED25519_PKCS8_KEY_CIPHERTEXT_PBKDF2_SHA256);
+    let plaintext = scheme.decrypt_in_place(PASSWORD, &mut buffer).unwrap();
+    assert_eq!(plaintext, ED25519_PKCS8_KEY_PLAINTEXT);
+}
+
+#[test]
+fn decrypt_pbes2_scrypt_aes256cbc() {
+    let scheme = pkcs5::EncryptionScheme::try_from(PBES2_SCRYPT_AES256CBC_ALG_ID).unwrap();
+    let mut buffer = Vec::from(ED25519_PKCS8_KEY_CIPHERTEXT_SCRYPT);
+    let plaintext = scheme.decrypt_in_place(PASSWORD, &mut buffer).unwrap();
+    assert_eq!(plaintext, ED25519_PKCS8_KEY_PLAINTEXT);
+}
+
+#[test]
+#[cfg(feature = "3des")]
+fn decrypt_pbes2_pbkdf2_sha256_desede3cbc() {
+    let scheme = pkcs5::EncryptionScheme::try_from(PBES2_PBKDF2_SHA256_DESEDE3CBC_ALG_ID).unwrap();
+    let mut buffer = Vec::from(ED25519_PKCS8_KEY_CIPHERTEXT_DESEDE3CBC);
+    let plaintext = scheme.decrypt_in_place(PASSWORD, &mut buffer).unwrap();
+    assert_eq!(plaintext, ED25519_PKCS8_KEY_PLAINTEXT);
+}
+
+#[test]
+#[cfg(feature = "des-insecure")]
+fn decrypt_pbes2_pbkdf2_sha256_descbc() {
+    let scheme = pkcs5::EncryptionScheme::try_from(PBES2_PBKDF2_SHA256_DESCBC_ALG_ID).unwrap();
+    let mut buffer = Vec::from(ED25519_PKCS8_KEY_CIPHERTEXT_DESCBC);
+    let plaintext = scheme.decrypt_in_place(PASSWORD, &mut buffer).unwrap();
+    assert_eq!(plaintext, ED25519_PKCS8_KEY_PLAINTEXT);
+}

vendor/pkcs5/tests/examples/pbes2_aes-128-cbc_hmacWithSHA1_algid.der

@@ -0,0 +1,3 @@
+0H	*├H├В
+

+0;0	*├H├В

vendor/pkcs5/tests/examples/pbes2_aes-192-cbc_hmacWithSHA1_algid.der

@@ -0,0 +1,2 @@
+0H	*├H├В
+


vendor/pkcs5/tests/examples/pbes2_aes-256-cbc_hmacWithSHA1_algid.der

@@ -0,0 +1,2 @@
+0H	*†H†÷
+


vendor/pkcs5/tests/examples/pbes2_aes-256-cbc_hmacWithSHA1_ciphertext.bin

@@ -0,0 +1,2 @@
+ÞØ)<1F>wí‰6^’ç¥z‹#×R£oì4IÝÖüƒÍeÛ¿²Ã5eEY<45>ÍjñÑyqÂá
+À[öw¼m€QH0©jÀƒ(,WX}Wñ!Õý<C395>ö<EFBFBD>âкˆA‰±ŒT-“ÏX-{ãP˜ìã<qør¹®Èöðç”$õ

vendor/pkcs5/tests/examples/re-gen.sh

@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+
+# http://redsymbol.net/articles/unofficial-bash-strict-mode/
+set -euo pipefail
+IFS=$'\n\t'
+
+password="hunter2"
+passout="pass:${password}"
+
+openssl genrsa -out rsa_sk.pkcs1.pem 1024
+
+openssl pkcs8 -topk8 -in rsa_sk.pkcs1.pem -outform DER -out rsa_sk.pkcs8.der -nocrypt
+
+gen_pkcs8 () {
+    local aes_mode="${1:?}"
+    local prf="${2:?}"
+
+    openssl pkcs8 \
+        -topk8 \
+        -in rsa_sk.pkcs1.pem \
+        -v2 "$aes_mode" \
+        -v2prf "$prf" \
+        -iter 10 \
+        -passout "$passout" \
+        -outform DER -out "rsa_sk_${aes_mode}_${prf}.pkcs8.der"
+}
+
+for aes_mode in "aes-128-cbc" "aes-192-cbc" "aes-256-cbc"
+do
+    for prf in "hmacWithSHA1" "hmacWithSHA224" "hmacWithSHA256" "hmacWithSHA384" "hmacWithSHA512"
+    do
+        gen_pkcs8 "$aes_mode" "$prf"
+    done
+done
+
+extract () {
+    local aes_mode="${1:?}"
+    local prf="${2:?}"
+    local algid_len="${3:?}"
+
+    dd bs=1 skip=4 count="$algid_len" if="rsa_sk_${aes_mode}_${prf}.pkcs8.der" of="pbes2_${aes_mode}_${prf}_algid.der"
+    dd bs=1 skip="$(expr $algid_len + 8)" if="rsa_sk_${aes_mode}_${prf}.pkcs8.der" of="pbes2_${aes_mode}_${prf}_ciphertext.bin"
+}
+
+for aes_mode in "aes-128-cbc" "aes-192-cbc" "aes-256-cbc"
+do
+    extract "$aes_mode" "hmacWithSHA1" 74
+
+    for prf in "hmacWithSHA224" "hmacWithSHA256" "hmacWithSHA384" "hmacWithSHA512"
+    do
+        extract "$aes_mode" "$prf" 88
+    done
+done

vendor/pkcs5/tests/examples/rsa_sk.pkcs1.pem

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC8kFIo73BV0oUpAzYB0yFQydoJX4XhJU89biicA133jJd8MkVE
+DQrnFNsjckBB9yretNvJxIG30cBc6139Goowj0q7Ocwb32LONYYhuU4wG8zl8L8B
+EaC1mi4J02OUChZ7JCw6W9nat69kMaEbOWZxSDkfybXBelh6OxUGdXd3cwIDAQAB
+AoGAawDi/sPRVYJfekSOMz7iWvwQtNz2Fiub6dpHRTFL85xeomXMlK9qDnPxXw4I
+lOZz92leiALxMaTfqlsOPQEAhU5XoA8jGwVSC2T6urfrSzQzKfLn4rKyEQCYIiIe
+Q2b7ScxFUFxaOXxELK1AzGnTJ2NUCkk5+SdNSP8DzYeRwnECQQD7Bzca+7Qgff6l
+y9mXj3sz4RAF1t8lGf/2dzGmRXwIq87O74s50jBl0tvdEg5RUj7bQ09XdRuMjBKp
+1DOJS3U/AkEAwExkpLgT35HU0D1Y1zWlpERX8qGbLlBp/AlRgRuwFSPnmoFyVutV
+ahgOH5KayVN55rwJRLH9jEhjrtjZyGxszQJAB4q69BuV2NgQO4j5W51a9T8QzSwc
+fi/eydfg7P7vcA9BYmQ+CZmwDI8ePfEZ7wWKj+ngy17gWgOnV+ThO4HB3wJBAJM4
+aTzqaNybCzC6Js/slHnkkOiC7QlSKzH3+Fw91Fr6+A+D1wPQe74T2Iw3cyV7MTKC
+9x2OnyzNJvPvtRwKVmkCQGTiqQybnnZ4PSY6fIe5AnvcO9tK4BchySkOQ2Ws726G
+zGcbmmz1ShDo7tPNUk4hcWUOJFbR6/1zDYJIzmACvL0=
+-----END RSA PRIVATE KEY-----

vendor/pkcs5/tests/examples/rsa_sk_aes-256-cbc_hmacWithSHA1.pkcs8.der

@@ -0,0 +1,3 @@
+0‚Î0H	*†H†÷
+

+0;0	*†H†÷

vendor/pkcs5/tests/pbes2.rs

@@ -0,0 +1,199 @@
+//! Password-Based Encryption Scheme 2 tests
+
+use der::Encode;
+use hex_literal::hex;
+use pkcs5::pbes2;
+
+/// PBES2 + PBKDF2-SHA1 + AES-128-CBC `AlgorithmIdentifier` example.
+///
+/// Generated by OpenSSL and extracted from the `pkcs8` crate's
+/// `tests/examples/ed25519-encpriv-aes128-pbkdf2-sha1.der` test vector.
+const PBES2_PBKDF2_SHA1_AES128CBC_ALG_ID: &[u8] = &hex!(
+    "304906092a864886f70d01050d303c301b06092a864886f70d01050c300e0408
+     e8765e01e43b6bad02020800301d06096086480165030401020410223080a71b
+     cd2b9a256d876c924979d2"
+);
+
+/// PBES2 + PBKDF2-SHA256 + AES-256-CBC `AlgorithmIdentifier` example.
+///
+/// Generated by OpenSSL and extracted from the `pkcs8` crate's
+/// `tests/examples/ed25519-encpriv-aes256-pbkdf2-sha256.der` test vector.
+const PBES2_PBKDF2_SHA256_AES256CBC_ALG_ID: &[u8] = &hex!(
+    "305706092a864886f70d01050d304a302906092a864886f70d01050c301c0408
+     79d982e70df91a8802020800300c06082a864886f70d02090500301d06096086
+     4801650304012a0410b2d02d78b2efd9dff694cf8e0af40925"
+);
+
+/// PBES2 + scrypt + AES-256-CBC `AlgorithmIdentifier` example.
+///
+/// Generated by OpenSSL and extracted from the `pkcs8` crate's
+/// `ed25519-encpriv-aes256-scrypt.der` test vector.
+const PBES2_SCRYPT_AES256CBC_ALG_ID: &[u8] = &hex!(
+    "304f06092a864886f70d01050d3042302106092b06010401da47040b30140408
+    e6211e2348ad69e002024000020108020101301d060960864801650304012a041
+    09bd0a6251f2254f9fd5963887c27cf01"
+);
+
+/// PBES2 + DES-EDE3-CBC + PBKDF-SHA2 `AlgorithmIdentifier` example.
+///
+/// Generated by OpenSSL and extracted from the `pkcs8` crate's
+/// `ed25519-encpriv-des3-pbkdf-sha256.der` test vector.
+#[cfg(feature = "3des")]
+const PBES2_PBKDF2_SHA256_DESEDE3CBC_ALG_ID: &[u8] = &hex!(
+    "304e06092a864886f70d01050d 3041302906092a864886f70d01050c301c0408
+    32a0ae2e01bbe32902020800300c06082a864886f70d02090500301406 082a864
+    886f70d0307040897e8f53ab0aca359"
+);
+
+/// PBES2 + DES-CBC + PBKDF-SHA2 `AlgorithmIdentifier` example.
+///
+/// Generated by OpenSSL and extracted from the `pkcs8` crate's
+/// `ed25519-encpriv-des-pbkdf-sha256.der` test vector.
+#[cfg(feature = "des-insecure")]
+const PBES2_PBKDF2_SHA256_DESCBC_ALG_ID: &[u8] = &hex!(
+    "304b06092a864886f70d01050d303e302906092a864886f70d01050c301c04080
+    9e7edfbd9f21e2b02020800300c06082a864886f70d02090500301106052b0e030
+    2070408f4aaf206a18de7ad"
+);
+
+/// Decoding test for PBES2 + PBKDF2-SHA1 + AES-128-CBC `AlgorithmIdentifier`
+#[test]
+fn decode_pbes2_pbkdf2_sha1_aes128cbc() {
+    let scheme = pkcs5::EncryptionScheme::try_from(PBES2_PBKDF2_SHA1_AES128CBC_ALG_ID).unwrap();
+    let params = scheme.pbes2().unwrap();
+
+    let pbkdf2_params = params.kdf.pbkdf2().unwrap();
+    assert_eq!(pbkdf2_params.salt, &hex!("e8765e01e43b6bad"));
+    assert_eq!(pbkdf2_params.iteration_count, 2048);
+    assert_eq!(pbkdf2_params.key_length, None);
+    assert_eq!(pbkdf2_params.prf, pbes2::Pbkdf2Prf::HmacWithSha1);
+
+    match params.encryption {
+        pbes2::EncryptionScheme::Aes128Cbc { iv } => {
+            assert_eq!(iv, &hex!("223080a71bcd2b9a256d876c924979d2"));
+        }
+        other => panic!("unexpected encryption scheme: {:?}", other),
+    }
+}
+
+/// Decoding test for PBES2 + PBKDF2-SHA256 + AES-256-CBC `AlgorithmIdentifier`
+#[test]
+fn decode_pbes2_pbkdf2_sha256_aes256cbc() {
+    let scheme = pkcs5::EncryptionScheme::try_from(PBES2_PBKDF2_SHA256_AES256CBC_ALG_ID).unwrap();
+    let params = scheme.pbes2().unwrap();
+
+    let pbkdf2_params = params.kdf.pbkdf2().unwrap();
+    assert_eq!(pbkdf2_params.salt, &hex!("79d982e70df91a88"));
+    assert_eq!(pbkdf2_params.iteration_count, 2048);
+    assert_eq!(pbkdf2_params.key_length, None);
+    assert_eq!(pbkdf2_params.prf, pbes2::Pbkdf2Prf::HmacWithSha256);
+
+    match params.encryption {
+        pbes2::EncryptionScheme::Aes256Cbc { iv } => {
+            assert_eq!(iv, &hex!("b2d02d78b2efd9dff694cf8e0af40925"));
+        }
+        other => panic!("unexpected encryption scheme: {:?}", other),
+    }
+}
+
+/// Decoding test for PBES2 + scrypt + AES-256-CBC `AlgorithmIdentifier`
+#[test]
+fn decode_pbes2_scrypt_aes256cbc() {
+    let scheme = pkcs5::EncryptionScheme::try_from(PBES2_SCRYPT_AES256CBC_ALG_ID).unwrap();
+    let params = scheme.pbes2().unwrap();
+
+    let scrypt_params = params.kdf.scrypt().unwrap();
+    assert_eq!(scrypt_params.salt, &hex!("E6211E2348AD69E0"));
+    assert_eq!(scrypt_params.cost_parameter, 16384);
+    assert_eq!(scrypt_params.block_size, 8);
+    assert_eq!(scrypt_params.parallelization, 1);
+    assert_eq!(scrypt_params.key_length, None);
+
+    match params.encryption {
+        pbes2::EncryptionScheme::Aes256Cbc { iv } => {
+            assert_eq!(iv, &hex!("9BD0A6251F2254F9FD5963887C27CF01"));
+        }
+        other => panic!("unexpected encryption scheme: {:?}", other),
+    }
+}
+
+/// Decoding test for PBES2 + PBKDF2-SHA256 + DES-EDE3-CBC `AlgorithmIdentifier`
+#[cfg(feature = "3des")]
+#[test]
+fn decode_pbes2_pbkdf2_sha256_desede3cbc() {
+    let scheme = pkcs5::EncryptionScheme::try_from(PBES2_PBKDF2_SHA256_DESEDE3CBC_ALG_ID).unwrap();
+    let params = scheme.pbes2().unwrap();
+
+    let pbkdf2_params = params.kdf.pbkdf2().unwrap();
+    assert_eq!(pbkdf2_params.salt, &hex!("32A0AE2E01BBE329"));
+    assert_eq!(pbkdf2_params.key_length, None);
+    assert_eq!(pbkdf2_params.prf, pbes2::Pbkdf2Prf::HmacWithSha256);
+    assert_eq!(pbkdf2_params.iteration_count, 2048);
+
+    match params.encryption {
+        pbes2::EncryptionScheme::DesEde3Cbc { iv } => {
+            assert_eq!(iv, &hex!("97E8F53AB0ACA359"));
+        }
+        other => panic!("unexpected encryption scheme: {:?}", other),
+    }
+}
+
+/// Decoding test for PBES2 + PBKDF2-SHA256 + DES-CBC `AlgorithmIdentifier`
+#[cfg(feature = "des-insecure")]
+#[test]
+fn decode_pbes2_pbkdf2_sha256_descbc() {
+    let scheme = pkcs5::EncryptionScheme::try_from(PBES2_PBKDF2_SHA256_DESCBC_ALG_ID).unwrap();
+    let params = scheme.pbes2().unwrap();
+
+    let pbkdf2_params = params.kdf.pbkdf2().unwrap();
+    assert_eq!(pbkdf2_params.salt, &hex!("09E7EDFBD9F21E2B"));
+    assert_eq!(pbkdf2_params.key_length, None);
+    assert_eq!(pbkdf2_params.prf, pbes2::Pbkdf2Prf::HmacWithSha256);
+    assert_eq!(pbkdf2_params.iteration_count, 2048);
+
+    match params.encryption {
+        pbes2::EncryptionScheme::DesCbc { iv } => {
+            assert_eq!(iv, &hex!("F4AAF206A18DE7AD"));
+        }
+        other => panic!("unexpected encryption scheme: {:?}", other),
+    }
+}
+
+/// Encoding test for PBES2 + PBKDF2-SHA1 + AES-128-CBC `AlgorithmIdentifier`
+#[test]
+fn encode_pbes2_pbkdf2_sha1_aes128cbc() {
+    let mut buffer = [0u8; 1024];
+
+    let scheme = pkcs5::EncryptionScheme::try_from(PBES2_PBKDF2_SHA1_AES128CBC_ALG_ID).unwrap();
+    let mut encoder = der::SliceWriter::new(&mut buffer);
+    scheme.encode(&mut encoder).unwrap();
+
+    let encoded_der = encoder.finish().unwrap();
+    assert_eq!(encoded_der, PBES2_PBKDF2_SHA1_AES128CBC_ALG_ID);
+}
+
+/// Encoding test for PBES2 + PBKDF2-SHA256 + AES-256-CBC `AlgorithmIdentifier`
+#[test]
+fn encode_pbes2_pbkdf2_sha256_aes256cbc() {
+    let mut buffer = [0u8; 1024];
+
+    let scheme = pkcs5::EncryptionScheme::try_from(PBES2_PBKDF2_SHA256_AES256CBC_ALG_ID).unwrap();
+    let mut encoder = der::SliceWriter::new(&mut buffer);
+    scheme.encode(&mut encoder).unwrap();
+
+    let encoded_der = encoder.finish().unwrap();
+    assert_eq!(encoded_der, PBES2_PBKDF2_SHA256_AES256CBC_ALG_ID);
+}
+
+/// Encoding test for PBES2 + scrypt + AES-256-CBC `AlgorithmIdentifier`
+#[test]
+fn encode_pbes2_scrypt_aes256cbc() {
+    let mut buffer = [0u8; 1024];
+
+    let scheme = pkcs5::EncryptionScheme::try_from(PBES2_SCRYPT_AES256CBC_ALG_ID).unwrap();
+    let mut encoder = der::SliceWriter::new(&mut buffer);
+    scheme.encode(&mut encoder).unwrap();
+
+    let encoded_der = encoder.finish().unwrap();
+    assert_eq!(encoded_der, PBES2_SCRYPT_AES256CBC_ALG_ID);
+}

vendor/pkcs5/tests/pbes2_pbkdf2_decrypt.rs

@@ -0,0 +1,56 @@
+//! PBES2 PBKDF2 decryption tests
+
+#[cfg(feature = "pbes2")]
+use std::fs;
+
+#[cfg(feature = "pbes2")]
+fn run_combinations(prfs: &[&str]) {
+    /// Password used to encrypt the keys.
+    const PASSWORD: &[u8] = b"hunter2"; // Bad password; don't actually use outside tests!
+
+    let sk_path = "./tests/examples/rsa_sk.pkcs8.der";
+    let sk_bytes = fs::read(&sk_path).expect(&format!("Failed to read from {}", &sk_path));
+
+    for aes_mode in ["aes-128-cbc", "aes-192-cbc", "aes-256-cbc"] {
+        for prf in prfs {
+            let algid_path = format!("./tests/examples/pbes2_{}_{}_algid.der", aes_mode, prf);
+            let algid_bytes =
+                fs::read(&algid_path).expect(&format!("Failed to read from {}", &algid_path));
+            let scheme = pkcs5::EncryptionScheme::try_from(algid_bytes.as_slice())
+                .expect(&format!("Failed to interpret scheme {} {}", aes_mode, prf));
+
+            let ciphertext_path =
+                format!("./tests/examples/pbes2_{}_{}_ciphertext.bin", aes_mode, prf);
+            let mut ciphertext_bytes = fs::read(&ciphertext_path)
+                .expect(&format!("Failed to read from {}", &ciphertext_path));
+
+            assert_eq!(640, ciphertext_bytes.len());
+
+            let plaintext = scheme
+                .decrypt_in_place(PASSWORD, &mut ciphertext_bytes)
+                .expect(&format!("pbes2 decryption of {} {}", aes_mode, prf));
+
+            assert_eq!(sk_bytes, plaintext);
+        }
+    }
+}
+
+#[cfg(feature = "sha1-insecure")]
+#[test]
+fn all_combinations_with_sha1() {
+    let prfs = vec!["hmacWithSHA1"];
+    run_combinations(&prfs);
+}
+
+#[cfg(feature = "pbes2")]
+#[test]
+fn all_combinations_with_sha2() {
+    let prfs = vec![
+        "hmacWithSHA224",
+        "hmacWithSHA256",
+        "hmacWithSHA384",
+        "hmacWithSHA512",
+    ];
+
+    run_combinations(&prfs);
+}