github.com/emmansun/gmsm@v0.29.1/smx509/pkcs8_test.go (about) 1 package smx509 2 3 import ( 4 "bytes" 5 "crypto/ecdsa" 6 "crypto/ed25519" 7 "crypto/elliptic" 8 "crypto/rand" 9 "crypto/rsa" 10 "encoding/hex" 11 "fmt" 12 "reflect" 13 "strings" 14 "testing" 15 16 "github.com/emmansun/gmsm/sm2" 17 "github.com/emmansun/gmsm/sm9" 18 ) 19 20 // Generated using: 21 // 22 // openssl genrsa 1024 | openssl pkcs8 -topk8 -nocrypt 23 var pkcs8RSAPrivateKeyHex = `30820278020100300d06092a864886f70d0101010500048202623082025e02010002818100cfb1b5bf9685ffa97b4f99df4ff122b70e59ac9b992f3bc2b3dde17d53c1a34928719b02e8fd17839499bfbd515bd6ef99c7a1c47a239718fe36bfd824c0d96060084b5f67f0273443007a24dfaf5634f7772c9346e10eb294c2306671a5a5e719ae24b4de467291bc571014b0e02dec04534d66a9bb171d644b66b091780e8d020301000102818100b595778383c4afdbab95d2bfed12b3f93bb0a73a7ad952f44d7185fd9ec6c34de8f03a48770f2009c8580bcd275e9632714e9a5e3f32f29dc55474b2329ff0ebc08b3ffcb35bc96e6516b483df80a4a59cceb71918cbabf91564e64a39d7e35dce21cb3031824fdbc845dba6458852ec16af5dddf51a8397a8797ae0337b1439024100ea0eb1b914158c70db39031dd8904d6f18f408c85fbbc592d7d20dee7986969efbda081fdf8bc40e1b1336d6b638110c836bfdc3f314560d2e49cd4fbde1e20b024100e32a4e793b574c9c4a94c8803db5152141e72d03de64e54ef2c8ed104988ca780cd11397bc359630d01b97ebd87067c5451ba777cf045ca23f5912f1031308c702406dfcdbbd5a57c9f85abc4edf9e9e29153507b07ce0a7ef6f52e60dcfebe1b8341babd8b789a837485da6c8d55b29bbb142ace3c24a1f5b54b454d01b51e2ad03024100bd6a2b60dee01e1b3bfcef6a2f09ed027c273cdbbaf6ba55a80f6dcc64e4509ee560f84b4f3e076bd03b11e42fe71a3fdd2dffe7e0902c8584f8cad877cdc945024100aa512fa4ada69881f1d8bb8ad6614f192b83200aef5edf4811313d5ef30a86cbd0a90f7b025c71ea06ec6b34db6306c86b1040670fd8654ad7291d066d06d031` 24 25 // Generated using: 26 // 27 // openssl ecparam -genkey -name secp224r1 | openssl pkcs8 -topk8 -nocrypt 28 var pkcs8P224PrivateKeyHex = `3078020100301006072a8648ce3d020106052b810400210461305f020101041cca3d72b3e88fed2684576dad9b80a9180363a5424986900e3abcab3fa13c033a0004f8f2a6372872a4e61263ed893afb919576a4cacfecd6c081a2cbc76873cf4ba8530703c6042b3a00e2205087e87d2435d2e339e25702fae1` 29 30 // Generated using: 31 // 32 // openssl ecparam -genkey -name secp256r1 | openssl pkcs8 -topk8 -nocrypt 33 var pkcs8P256PrivateKeyHex = `308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b0201010420dad6b2f49ca774c36d8ae9517e935226f667c929498f0343d2424d0b9b591b43a14403420004b9c9b90095476afe7b860d8bd43568cab7bcb2eed7b8bf2fa0ce1762dd20b04193f859d2d782b1e4cbfd48492f1f533113a6804903f292258513837f07fda735` 34 35 var pkcs8SM2P256PrivateKeyHex = `308187020100301306072a8648ce3d020106082a811ccf5501822d046d306b0201010420b26da57ba53004ddcd387ad46a361b51b308481f2327d47fb10c5fb3a8c86b92a144034200040d5365bfdbdc564c5b0eda0a85ddbd753821a709de90efe0666ba2544766acf1100ac0484d166842011da5cd6139e53dedb99ce37cea9edf4941628066e861bf` 36 37 // Generated with OpenSSL v3.1.3 38 var pkcs8SM2PrivateKeyHex = "308188020100301406082a811ccf5501822d06082a811ccf5501822d046d306b020101042087d86c005f449379641916b5e5f1cd5d21ccdad60613741669f470946acb9d17a144034200046f233f11f15549701dc5e677a2f5d202d1b7183d6f6affb16a76558afab3cca537e482c56d779ff589311d03a94114627c88fdf67252ed21fe7051f94b48ca2f" 39 40 // Generated using: 41 // 42 // openssl ecparam -genkey -name secp384r1 | openssl pkcs8 -topk8 -nocrypt 43 var pkcs8P384PrivateKeyHex = `3081b6020100301006072a8648ce3d020106052b8104002204819e30819b02010104309bf832f6aaaeacb78ce47ffb15e6fd0fd48683ae79df6eca39bfb8e33829ac94aa29d08911568684c2264a08a4ceb679a164036200049070ad4ed993c7770d700e9f6dc2baa83f63dd165b5507f98e8ff29b5d2e78ccbe05c8ddc955dbf0f7497e8222cfa49314fe4e269459f8e880147f70d785e530f2939e4bf9f838325bb1a80ad4cf59272ae0e5efe9a9dc33d874492596304bd3` 44 45 // Generated using: 46 // 47 // openssl ecparam -genkey -name secp521r1 | openssl pkcs8 -topk8 -nocrypt 48 // 49 // Note that OpenSSL will truncate the private key if it can (i.e. it emits it 50 // like an integer, even though it's an OCTET STRING field). Thus if you 51 // regenerate this you may, randomly, find that it's a byte shorter than 52 // expected and the Go test will fail to recreate it exactly. 53 var pkcs8P521PrivateKeyHex = `3081ee020100301006072a8648ce3d020106052b810400230481d63081d3020101044200cfe0b87113a205cf291bb9a8cd1a74ac6c7b2ebb8199aaa9a5010d8b8012276fa3c22ac913369fa61beec2a3b8b4516bc049bde4fb3b745ac11b56ab23ac52e361a1818903818600040138f75acdd03fbafa4f047a8e4b272ba9d555c667962b76f6f232911a5786a0964e5edea6bd21a6f8725720958de049c6e3e6661c1c91b227cebee916c0319ed6ca003db0a3206d372229baf9dd25d868bf81140a518114803ce40c1855074d68c4e9dab9e65efba7064c703b400f1767f217dac82715ac1f6d88c74baf47a7971de4ea` 54 55 // From RFC 8410, Section 7. 56 var pkcs8Ed25519PrivateKeyHex = `302e020100300506032b657004220420d4ee72dbf913584ad5b6d8f1f769f8ad3afe7c28cbf1d4fbe097a88f44755842` 57 58 func TestPKCS8(t *testing.T) { 59 tests := []struct { 60 name string 61 keyHex string 62 keyType reflect.Type 63 curve elliptic.Curve 64 }{ 65 { 66 name: "RSA private key", 67 keyHex: pkcs8RSAPrivateKeyHex, 68 keyType: reflect.TypeOf(&rsa.PrivateKey{}), 69 }, 70 { 71 name: "P-224 private key", 72 keyHex: pkcs8P224PrivateKeyHex, 73 keyType: reflect.TypeOf(&ecdsa.PrivateKey{}), 74 curve: elliptic.P224(), 75 }, 76 { 77 name: "P-256 private key", 78 keyHex: pkcs8P256PrivateKeyHex, 79 keyType: reflect.TypeOf(&ecdsa.PrivateKey{}), 80 curve: elliptic.P256(), 81 }, 82 { 83 name: "SM2 P-256 private key", 84 keyHex: pkcs8SM2P256PrivateKeyHex, 85 keyType: reflect.TypeOf(&sm2.PrivateKey{}), 86 curve: sm2.P256(), 87 }, 88 { 89 name: "SM2 private key with ALG=SM2", 90 keyHex: pkcs8SM2PrivateKeyHex, 91 keyType: reflect.TypeOf(&sm2.PrivateKey{}), 92 curve: sm2.P256(), 93 }, 94 { 95 name: "P-384 private key", 96 keyHex: pkcs8P384PrivateKeyHex, 97 keyType: reflect.TypeOf(&ecdsa.PrivateKey{}), 98 curve: elliptic.P384(), 99 }, 100 { 101 name: "P-521 private key", 102 keyHex: pkcs8P521PrivateKeyHex, 103 keyType: reflect.TypeOf(&ecdsa.PrivateKey{}), 104 curve: elliptic.P521(), 105 }, 106 { 107 name: "Ed25519 private key", 108 keyHex: pkcs8Ed25519PrivateKeyHex, 109 keyType: reflect.TypeOf(ed25519.PrivateKey{}), 110 }, 111 } 112 113 for _, test := range tests { 114 derBytes, err := hex.DecodeString(test.keyHex) 115 if err != nil { 116 t.Errorf("%s: failed to decode hex: %s", test.name, err) 117 continue 118 } 119 privKey, err := ParsePKCS8PrivateKey(derBytes) 120 if err != nil { 121 t.Errorf("%s: failed to decode PKCS#8: %s", test.name, err) 122 continue 123 } 124 if reflect.TypeOf(privKey) != test.keyType { 125 t.Errorf("%s: decoded PKCS#8 returned unexpected key type: %T", test.name, privKey) 126 continue 127 } 128 if ecKey, isEC := privKey.(*ecdsa.PrivateKey); isEC && ecKey.Curve != test.curve { 129 t.Errorf("%s: decoded PKCS#8 returned unexpected curve %#v", test.name, ecKey.Curve) 130 continue 131 } 132 reserialised, err := MarshalPKCS8PrivateKey(privKey) 133 if err != nil { 134 t.Errorf("%s: failed to marshal into PKCS#8: %s", test.name, err) 135 continue 136 } 137 if test.name != "SM2 private key with ALG=SM2" && !bytes.Equal(derBytes, reserialised) { 138 t.Errorf("%s: marshaled PKCS#8 didn't match original: got %x, want %x", test.name, reserialised, derBytes) 139 continue 140 } 141 if ecKey, isEC := privKey.(*sm2.PrivateKey); isEC { 142 ecdhKey, err := ecKey.ECDH() 143 if err != nil { 144 t.Errorf("%s: failed to convert to ecdh: %s", test.name, err) 145 continue 146 } 147 reserialised, err := MarshalPKCS8PrivateKey(ecdhKey) 148 if err != nil { 149 t.Errorf("%s: failed to marshal into PKCS#8: %s", test.name, err) 150 continue 151 } 152 if test.name != "SM2 private key with ALG=SM2" && !bytes.Equal(derBytes, reserialised) { 153 t.Errorf("%s: marshaled PKCS#8 didn't match original: got %x, want %x", test.name, reserialised, derBytes) 154 continue 155 } 156 } 157 } 158 } 159 160 const hexPKCS8TestPKCS1Key = "3082025c02010002818100b1a1e0945b9289c4d3f1329f8a982c4a2dcd59bfd372fb8085a9c517554607ebd2f7990eef216ac9f4605f71a03b04f42a5255b158cf8e0844191f5119348baa44c35056e20609bcf9510f30ead4b481c81d7865fb27b8e0090e112b717f3ee08cdfc4012da1f1f7cf2a1bc34c73a54a12b06372d09714742dd7895eadde4aa5020301000102818062b7fa1db93e993e40237de4d89b7591cc1ea1d04fed4904c643f17ae4334557b4295270d0491c161cb02a9af557978b32b20b59c267a721c4e6c956c2d147046e9ae5f2da36db0106d70021fa9343455f8f973a4b355a26fd19e6b39dee0405ea2b32deddf0f4817759ef705d02b34faab9ca93c6766e9f722290f119f34449024100d9c29a4a013a90e35fd1be14a3f747c589fac613a695282d61812a711906b8a0876c6181f0333ca1066596f57bff47e7cfcabf19c0fc69d9cd76df743038b3cb024100d0d3546fecf879b5551f2bd2c05e6385f2718a08a6face3d2aecc9d7e03645a480a46c81662c12ad6bd6901e3bd4f38029462de7290859567cdf371c79088d4f024100c254150657e460ea58573fcf01a82a4791e3d6223135c8bdfed69afe84fbe7857274f8eb5165180507455f9b4105c6b08b51fe8a481bb986a202245576b713530240045700003b7a867d0041df9547ae2e7f50248febd21c9040b12dae9c2feab0d3d4609668b208e4727a3541557f84d372ac68eaf74ce1018a4c9a0ef92682c8fd02405769731480bb3a4570abf422527c5f34bf732fa6c1e08cc322753c511ce055fac20fc770025663ad3165324314df907f1f1942f0448a7e9cdbf87ecd98b92156" 161 const hexPKCS8TestECKey = "3081a40201010430bdb9839c08ee793d1157886a7a758a3c8b2a17a4df48f17ace57c72c56b4723cf21dcda21d4e1ad57ff034f19fcfd98ea00706052b81040022a16403620004feea808b5ee2429cfcce13c32160e1c960990bd050bb0fdf7222f3decd0a55008e32a6aa3c9062051c4cba92a7a3b178b24567412d43cdd2f882fa5addddd726fe3e208d2c26d733a773a597abb749714df7256ead5105fa6e7b3650de236b50" 162 163 var pkcs8MismatchKeyTests = []struct { 164 hexKey string 165 errorContains string 166 }{ 167 {hexKey: hexPKCS8TestECKey, errorContains: "use ParseECPrivateKey instead"}, 168 {hexKey: hexPKCS8TestPKCS1Key, errorContains: "use ParsePKCS1PrivateKey instead"}, 169 } 170 171 func TestPKCS8MismatchKeyFormat(t *testing.T) { 172 for i, test := range pkcs8MismatchKeyTests { 173 derBytes, _ := hex.DecodeString(test.hexKey) 174 _, err := ParsePKCS8PrivateKey(derBytes) 175 if !strings.Contains(err.Error(), test.errorContains) { 176 t.Errorf("#%d: expected error containing %q, got %s", i, test.errorContains, err) 177 } 178 } 179 } 180 181 func TestMarshalPKCS8SM2PrivateKey(t *testing.T) { 182 priv, _ := sm2.GenerateKey(rand.Reader) 183 res, err := MarshalPKCS8PrivateKey(priv) 184 if err != nil { 185 t.Fatalf("%v\n", err) 186 } 187 fmt.Printf("%s\n", hex.EncodeToString(res)) 188 } 189 190 func TestMarshalPKCS8SM9SignPrivateKey(t *testing.T) { 191 masterKey, err := sm9.GenerateSignMasterKey(rand.Reader) 192 if err != nil { 193 t.Fatal(err) 194 } 195 privateKey, err := masterKey.GenerateUserKey([]byte("emmansun"), 0x01) 196 if err != nil { 197 t.Fatal(err) 198 } 199 res, err := MarshalPKCS8PrivateKey(privateKey) 200 if err != nil { 201 t.Fatal(err) 202 } 203 privateKey1, err := ParsePKCS8PrivateKey(res) 204 if err != nil { 205 t.Fatal(err) 206 } 207 privateKey2, ok := privateKey1.(*sm9.SignPrivateKey) 208 if !ok { 209 t.Fatalf("not expected key") 210 } 211 if !privateKey.PrivateKey.Equal(privateKey2.PrivateKey) || 212 !privateKey.MasterPublicKey.Equal(privateKey2.MasterPublicKey) { 213 t.Fatalf("not same key") 214 } 215 } 216 217 func TestMarshalPKCS8SM9EncPrivateKey(t *testing.T) { 218 masterKey, err := sm9.GenerateEncryptMasterKey(rand.Reader) 219 if err != nil { 220 t.Fatal(err) 221 } 222 privateKey, err := masterKey.GenerateUserKey([]byte("emmansun"), 0x01) 223 if err != nil { 224 t.Fatal(err) 225 } 226 res, err := MarshalPKCS8PrivateKey(privateKey) 227 if err != nil { 228 t.Fatal(err) 229 } 230 privateKey1, err := ParsePKCS8PrivateKey(res) 231 if err != nil { 232 t.Fatal(err) 233 } 234 privateKey2, ok := privateKey1.(*sm9.EncryptPrivateKey) 235 if !ok { 236 t.Fatalf("not expected key") 237 } 238 if !privateKey.PrivateKey.Equal(privateKey2.PrivateKey) || 239 !privateKey.MasterPublicKey.Equal(privateKey2.MasterPublicKey) { 240 t.Fatalf("not same key") 241 } 242 } 243 244 func TestMarshalPKCS8SM9SignMasterPrivateKey(t *testing.T) { 245 masterKey, err := sm9.GenerateSignMasterKey(rand.Reader) 246 if err != nil { 247 t.Fatal(err) 248 } 249 res, err := MarshalPKCS8PrivateKey(masterKey) 250 if err != nil { 251 t.Fatal(err) 252 } 253 masterKey1, err := ParsePKCS8PrivateKey(res) 254 if err != nil { 255 t.Fatal(err) 256 } 257 masterKey2, ok := masterKey1.(*sm9.SignMasterPrivateKey) 258 if !ok { 259 t.Fatalf("not expected key") 260 } 261 masterKey2.MasterPublicKey.Marshal() 262 if !(masterKey.D.Cmp(masterKey2.D) == 0 && masterKey.MasterPublicKey.Equal(masterKey2.MasterPublicKey)) { 263 t.Fatalf("not same key") 264 } 265 } 266 267 func TestMarshalPKCS8SM9EncMasterPrivateKey(t *testing.T) { 268 masterKey, err := sm9.GenerateEncryptMasterKey(rand.Reader) 269 if err != nil { 270 t.Fatal(err) 271 } 272 res, err := MarshalPKCS8PrivateKey(masterKey) 273 if err != nil { 274 t.Fatal(err) 275 } 276 masterKey1, err := ParsePKCS8PrivateKey(res) 277 if err != nil { 278 t.Fatal(err) 279 } 280 masterKey2, ok := masterKey1.(*sm9.EncryptMasterPrivateKey) 281 if !ok { 282 t.Fatalf("not expected key") 283 } 284 masterKey2.MasterPublicKey.Marshal() 285 if !(masterKey.D.Cmp(masterKey2.D) == 0 && masterKey.MasterPublicKey.Equal(masterKey2.MasterPublicKey)) { 286 t.Fatalf("not same key") 287 } 288 }