/* Copyright (c) 2015, Google Inc.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

#include <gtest/gtest.h>

#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/pkcs8.h>
#include <openssl/x509.h>

#include "../internal.h"


// NOTE(review): the blobs below are fixed test vectors whose password is
// stated in the adjacent comment. They are fixtures, not secrets, and should
// not be reused as real keys. The initializer bytes are elided ("…") in this
// listing.

// kEncryptedPBES2WithDESAndSHA1 is a PKCS#8 encrypted private key using PBES2
// with DES-EDE3-CBC and HMAC-SHA-1 and a password of "testing". It was
// generated with:
//
// clang-format off
//
//   openssl ecparam -genkey -name prime256v1 > test.key
//   openssl pkcs8 -topk8 -in test.key -out test.key.encrypted -v2 des3 -v2prf hmacWithSHA1 -outform der
//   xxd -i test.key.encrypted
//
// clang-format on
//
// NOTE(review): DES-EDE3-CBC with HMAC-SHA-1 is a legacy parameter choice;
// this vector presumably exists so that older files keep decrypting, not as a
// recommendation for newly encrypted keys.
static const uint8_t kEncryptedPBES2WithDESAndSHA1[] = …;

// kEncryptedPBES2WithAESAndSHA256 is a PKCS#8 encrypted private key using PBES2
// with AES-128-CBC and HMAC-SHA-256 and a password of "testing". It was generated with:
//
// clang-format off
//
//   openssl ecparam -genkey -name prime256v1 > test.key
//   openssl pkcs8 -topk8 -in test.key -out test.key.encrypted -v2 aes-128-cbc -v2prf hmacWithSHA256 -outform der
//   xxd -i test.key.encrypted
//
// clang-format on
static const uint8_t kEncryptedPBES2WithAESAndSHA256[] = …;

// kNullPassword is a PKCS#8 encrypted private key using the null password.
// NOTE(review): "null password" (no password supplied) and "empty password"
// (a zero-length string) are distinct inputs in this file; a comment further
// down gives their encodings as "" and "\0\0" respectively. The separate NSS
// and OpenSSL vectors suggest producers differ in which one they emit —
// confirm against the elided test bodies.
static const uint8_t kNullPassword[] = …;

// kNullPasswordNSS is a PKCS#8 encrypted private key using the null password
// and generated by NSS.
static const uint8_t kNullPasswordNSS[] = …;

// kEmptyPasswordOpenSSL is a PKCS#8 encrypted private key using the empty
// password and generated by OpenSSL.
static const uint8_t kEmptyPasswordOpenSSL[] = …;

// kExplicitHMACWithSHA1 is a PBES2-encrypted private key with an explicit
// hmacWithSHA1 AlgorithmIdentifier in the PBKDF2 parameters.
static const uint8_t kExplicitHMACWithSHA1[] = …;

// TestDecrypt takes a DER blob (|der|, |der_len|) and a |password|. The body
// is elided in this listing; presumably it decrypts the blob with the password
// and fails the test on error — confirm against the full file.
static void TestDecrypt(const uint8_t *der, size_t der_len,
                        const char *password) { … }

// TestRoundTrip takes a PBE scheme (|pbe_nid|), a |cipher|, a |password|, a
// salt (|salt|, |salt_len|) and an iteration count. The body is elided in this
// listing; presumably it encrypts a key with these parameters and decrypts it
// again — confirm against the full file.
// NOTE(review): salts and iteration counts passed by tests are picked for
// coverage and speed; the call sites are not visible here, so do not read
// them as production-appropriate values.
static void TestRoundTrip(int pbe_nid, const EVP_CIPHER *cipher,
                          const char *password, const uint8_t *salt,
                          size_t salt_len, int iterations) { … }

// The test bodies below are elided in this listing. Which fixture each decrypt
// test uses is inferred from the matching names — TODO confirm.

// Presumably decrypts the vectors whose password is the string "testing".
TEST(PKCS8Test, DecryptString) { … }

// Presumably decrypts kNullPassword with no password supplied.
TEST(PKCS8Test, DecryptNull) { … }

// Presumably decrypts kNullPasswordNSS with no password supplied.
TEST(PKCS8Test, DecryptNullNSS) { … }

// Presumably decrypts kEmptyPasswordOpenSSL with the empty string.
TEST(PKCS8Test, DecryptEmptyStringOpenSSL) { … }

// Presumably decrypts kExplicitHMACWithSHA1, i.e. a file that spells out the
// hmacWithSHA1 PRF in its PBKDF2 parameters.
TEST(PKCS8Test, DecryptExplicitHMACWithSHA1) { … }

// NOTE(review): "Withr" in the test name looks like a typo for "With"; it is
// only a test identifier, so it has no effect on behavior.
TEST(PKCS8Test, RoundTripPBEWithrSHA1And3KeyTripleDES) { … }

// Test that both "" (empty password, encoded as "\0\0") and nullptr (no
// password, encoded as "") work.
// The two encodings are different byte strings, so a file written with one
// form is not expected to decrypt with the other.
TEST(PKCS8Test, RoundTripPBEWithSHA1And3KeyTripleDESEmptyPassword) { … }

// NOTE(review): 40-bit RC2 is a legacy PBE scheme. A round-trip test shows
// that the scheme is supported, not that it is suitable for protecting new
// keys.
TEST(PKCS8Test, RoundTripPBEWithSHA1And40BitRC2CBC) { … }

// NOTE(review): RC4 is likewise a legacy cipher; this test is about
// compatibility coverage.
TEST(PKCS8Test, RoundTripPBEWithSHA1And128BitRC4) { … }

// Presumably round-trips PBES2 with one or more ciphers; the parameters are
// not visible in this listing.
TEST(PKCS8Test, RoundTripPBES2) { … }

// Presumably checks that NIDs which are not valid PBES1 schemes are rejected
// rather than silently accepted — confirm against the full file.
TEST(PKCS8Test, InvalidPBES1NIDs) { … }