Add tests for PKCS#8 private keys #26898

15 changes: 15 additions & 0 deletions test/fixtures/test_dsa_pkcs8_privkey.pem
@@ -0,0 +1,15 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
16 changes: 16 additions & 0 deletions test/fixtures/test_rsa_pkcs8_privkey.pem
@@ -0,0 +1,16 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
52 changes: 51 additions & 1 deletion test/parallel/test-crypto-rsa-dsa.js
Expand Up @@ -21,6 +21,8 @@ const dsaPubPem = fixtures.readSync('test_dsa_pubkey.pem', 'ascii');
const dsaKeyPem = fixtures.readSync('test_dsa_privkey.pem', 'ascii');
const dsaKeyPemEncrypted = fixtures.readSync('test_dsa_privkey_encrypted.pem',
'ascii');
const rsaPkcs8KeyPem = fixtures.readSync('test_rsa_pkcs8_privkey.pem');
const dsaPkcs8KeyPem = fixtures.readSync('test_dsa_pkcs8_privkey.pem');

const decryptError =
/^Error: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt$/;
Expand All @@ -35,6 +37,9 @@ const decryptError =
let decryptedBuffer = crypto.privateDecrypt(rsaKeyPem, encryptedBuffer);
assert.strictEqual(decryptedBuffer.toString(), input);

decryptedBuffer = crypto.privateDecrypt(rsaPkcs8KeyPem, encryptedBuffer);
assert.strictEqual(decryptedBuffer.toString(), input);

let decryptedBufferWithPassword = crypto.privateDecrypt({
key: rsaKeyPemEncrypted,
passphrase: 'password'
Expand Down Expand Up @@ -119,11 +124,17 @@ function test_rsa(padding) {
padding: padding
}, bufferToEncrypt);

const decryptedBuffer = crypto.privateDecrypt({
let decryptedBuffer = crypto.privateDecrypt({
key: rsaKeyPem,
padding: padding
}, encryptedBuffer);
assert.deepStrictEqual(decryptedBuffer, input);

decryptedBuffer = crypto.privateDecrypt({
key: rsaPkcs8KeyPem,
padding: padding
}, encryptedBuffer);
assert.deepStrictEqual(decryptedBuffer, input);
}

test_rsa('RSA_NO_PADDING');
Expand All @@ -150,6 +161,16 @@ assert.strictEqual(rsaSignature, expectedSignature);
rsaVerify.update(rsaPubPem);
assert.strictEqual(rsaVerify.verify(rsaPubPem, rsaSignature, 'hex'), true);

// Test RSA pkcs8 key signing/verification
rsaSign = crypto.createSign('SHA1');
rsaSign.update(rsaPubPem);
rsaSignature = rsaSign.sign(rsaPkcs8KeyPem, 'hex');
assert.strictEqual(rsaSignature, expectedSignature);

rsaVerify = crypto.createVerify('SHA1');
rsaVerify.update(rsaPubPem);
assert.strictEqual(rsaVerify.verify(rsaPubPem, rsaSignature, 'hex'), true);

// Test RSA key signing/verification with encrypted key
rsaSign = crypto.createSign('SHA1');
rsaSign.update(rsaPubPem);
Expand Down Expand Up @@ -238,6 +259,35 @@ assert.throws(() => {
}


//
// Test DSA signing and verification with PKCS#8 private key
//
{
const input = 'I AM THE WALRUS';

// DSA signatures vary across runs so there is no static string to verify
// against
const sign = crypto.createSign('SHA1');
sign.update(input);
const signature = sign.sign(dsaPkcs8KeyPem, 'hex');

const verify = crypto.createVerify('SHA1');
verify.update(input);

assert.strictEqual(verify.verify(dsaPubPem, signature, 'hex'), true);

// Test the legacy 'DSS1' name.
Member


I'd be okay with dropping this, that's already checked around line 250.

Contributor Author


Out of curiosity, is DSS1 the same as SHA-1? 🤔
I found the following line in the Node.js project, but I couldn't find anything via Google search about the historical relationship between DSS1 and SHA-1.

// Historically, "dss1" and "DSS1" were DSA aliases for SHA-1

Member


DSS1 stands for DSA (Digital Signature Algorithm) with SHA-1 as the hash function. It's a long-deprecated (and now removed) openssl synonym from when openssl conflated public key algorithms with their hash functions.

Contributor Author


I see. Thanks 👍 👍 👍

const sign2 = crypto.createSign('DSS1');
sign2.update(input);
const signature2 = sign2.sign(dsaPkcs8KeyPem, 'hex');

const verify2 = crypto.createVerify('DSS1');
verify2.update(input);

assert.strictEqual(verify2.verify(dsaPubPem, signature2, 'hex'), true);
}


//
// Test DSA signing and verification with encrypted key
//
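Review bot: The two new reads near the top of the file, `fixtures.readSync('test_rsa_pkcs8_privkey.pem')` and `fixtures.readSync('test_dsa_pkcs8_privkey.pem')`, omit the `'ascii'` encoding that the neighbouring key fixtures pass, so the PKCS#8 keys are presumably handed to `privateDecrypt` and `sign` as Buffers while the existing keys they are compared against are strings. If the tests are only meant to cover the key format, pass the encoding for parity, e.g. `const rsaPkcs8KeyPem = fixtures.readSync('test_rsa_pkcs8_privkey.pem', 'ascii');`. If Buffer input is intended, say so with a comment such as `// Read as Buffer on purpose: covers non-string key input`. As written, a failure could come from either the key format or the input type, which makes the test harder to diagnose.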