Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x509-cert: fixup usage of ecdsa signer #1043

Merged
merged 1 commit into from
May 4, 2023
Merged

x509-cert: fixup usage of ecdsa signer #1043

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions x509-cert/src/builder.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -329,7 +329,7 @@ where
/// Builder for X509 Certificate Requests
///
/// ```
/// # use p256::{pkcs8::DecodePrivateKey, NistP256};
/// # use p256::{pkcs8::DecodePrivateKey, NistP256, ecdsa::DerSignature};
/// # const PKCS8_PRIVATE_KEY_DER: &[u8] = include_bytes!("../tests/examples/p256-priv.der");
/// # fn ecdsa_signer() -> ecdsa::SigningKey<NistP256> {
/// # let secret_key = p256::SecretKey::from_pkcs8_der(PKCS8_PRIVATE_KEY_DER).unwrap();
Expand All @@ -353,7 +353,7 @@ where
/// ))]))
/// .unwrap();
///
/// let cert_req = builder.build::<ecdsa::Signature<NistP256>>().unwrap();
/// let cert_req = builder.build::<DerSignature>().unwrap();
/// ```
pub struct RequestBuilder<'s, S> {
info: CertReqInfo,
Expand Down
42 changes: 37 additions & 5 deletions x509-cert/tests/builder.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
#![cfg(all(feature = "builder", feature = "pem"))]

use der::{pem::LineEnding, Decode, Encode, EncodePem};
use p256::{pkcs8::DecodePrivateKey, NistP256};
use p256::{ecdsa::DerSignature, pkcs8::DecodePrivateKey, NistP256};
use rsa::pkcs1::DecodeRsaPrivateKey;
use rsa::pkcs1v15::SigningKey;
use sha2::Sha256;
Expand All @@ -17,6 +17,7 @@ use x509_cert::{
use x509_cert_test_support::{openssl, zlint};

const RSA_2048_DER_EXAMPLE: &[u8] = include_bytes!("examples/rsa2048-pub.der");
const PKCS8_PUBLIC_KEY_DER: &[u8] = include_bytes!("examples/p256-pub.der");

#[test]
fn root_ca_certificate() {
Expand Down Expand Up @@ -45,6 +46,33 @@ fn root_ca_certificate() {
zlint::check_certificate(pem.as_bytes(), ignored);
}

#[test]
fn root_ca_certificate_ecdsa() {
let serial_number = SerialNumber::from(42u32);
let validity = Validity::from_now(Duration::new(5, 0)).unwrap();
let profile = Profile::Root;
let subject = Name::from_str("CN=World domination corporation,O=World domination Inc,C=US")
.unwrap()
.to_der()
.unwrap();
let subject = Name::from_der(&subject).unwrap();
let pub_key =
SubjectPublicKeyInfoOwned::try_from(PKCS8_PUBLIC_KEY_DER).expect("get ecdsa pub key");

let signer = ecdsa_signer();
let builder =
CertificateBuilder::new(profile, serial_number, validity, subject, pub_key, &signer)
.expect("Create certificate");

let certificate = builder.build::<DerSignature>().unwrap();

let pem = certificate.to_pem(LineEnding::LF).expect("generate pem");
println!("{}", openssl::check_certificate(pem.as_bytes()));

let ignored = &[];
zlint::check_certificate(pem.as_bytes(), ignored);
}

#[test]
fn sub_ca_certificate() {
let serial_number = SerialNumber::from(42u32);
Expand All @@ -67,7 +95,7 @@ fn sub_ca_certificate() {
CertificateBuilder::new(profile, serial_number, validity, subject, pub_key, &signer)
.expect("Create certificate");

let certificate = builder.build::<ecdsa::Signature<NistP256>>().unwrap();
let certificate = builder.build::<DerSignature>().unwrap();

let pem = certificate.to_pem(LineEnding::LF).expect("generate pem");
println!("{}", openssl::check_certificate(pem.as_bytes()));
Expand Down Expand Up @@ -113,7 +141,7 @@ fn leaf_certificate() {
)
.expect("Create certificate");

let certificate = builder.build::<ecdsa::Signature<NistP256>>().unwrap();
let certificate = builder.build::<DerSignature>().unwrap();

let pem = certificate.to_pem(LineEnding::LF).expect("generate pem");
println!("{}", openssl::check_certificate(pem.as_bytes()));
Expand Down Expand Up @@ -149,7 +177,7 @@ fn leaf_certificate() {
CertificateBuilder::new(profile, serial_number, validity, subject, pub_key, &signer)
.expect("Create certificate");

let certificate = builder.build::<ecdsa::Signature<NistP256>>().unwrap();
let certificate = builder.build::<DerSignature>().unwrap();

let pem = certificate.to_pem(LineEnding::LF).expect("generate pem");
println!("{}", openssl::check_certificate(pem.as_bytes()));
Expand Down Expand Up @@ -249,7 +277,11 @@ fn certificate_request() {
))]))
.unwrap();

let cert_req = builder.build::<ecdsa::Signature<NistP256>>().unwrap();
let cert_req = builder.build::<DerSignature>().unwrap();
let pem = cert_req.to_pem(LineEnding::LF).expect("generate pem");
use std::fs::File;
use std::io::Write;
let mut file = File::create("/tmp/ecdsa.csr").expect("create pem file");
file.write_all(pem.as_bytes()).expect("Create pem file");
println!("{}", openssl::check_request(pem.as_bytes()));
}
Binary file added x509-cert/tests/examples/p256-pub.der
View file
Open in desktop
Binary file not shown.