diff --git a/tests/ecdsa_from_der_tests.txt b/tests/ecdsa_from_der_tests.txt new file mode 100644 index 0000000000..10bf62d067 --- /dev/null +++ b/tests/ecdsa_from_der_tests.txt @@ -0,0 +1,13 @@ +Curve = P-256 +Input = 30770201010420090460075f15d2a256248000fb02d83ad77593dde4ae59fc5e96142dffb2bd07a00a06082a8648ce3d030107a14403420004cf0d13a3a7577231ea1b66cf4021cd54f21f4ac4f5f2fdd28e05bc7d2bd099d1374cd08d2ef654d6f04498db462f73e0282058dd661a4c9b0437af3f7af6e724 + +Curve = P-384 +Input = 3081a40201010430fc0603810412769beeabbf97ce9764e104bca45b3b7428006fb42d1fa69a344bf475ce17bf06daf553c4eccffcfecc26a00706052b81040022a1640362000417e425506a81d85e607a3caeaccbe6cc7ef58b559115b9867175ef9911f66ea77eb5b7f43e42f3129a1fe2841f6717ed4fc02bf8cfe2d10cac06a150dcba7ae9f035ec9b6b034a4ddc554da7c2da4719a1d990097fbb451a3ea1e664fc444cfa + +# A P-256 key where the ECPrivateKey contains a parameters field that matches the PKCS#8 algorithm identifier. +Curve = P-256 +Input = 30770201010420090460075f15d2a256248000fb02d83ad77593dde4ae59fc5e96142dffb2bd07a00a06082a8648ce3d030107a14403420004cf0d13a3a7577231ea1b66cf4021cd54f21f4ac4f5f2fdd28e05bc7d2bd099d1374cd08d2ef654d6f04498db462f73e0282058dd661a4c9b0437af3f7af6e724 + +# A P-384 key where the ECPrivateKey contains a parameters field identifying P-384. +Curve = P-384 +Input = 3081a40201010430fc0603810412769beeabbf97ce9764e104bca45b3b7428006fb42d1fa69a344bf475ce17bf06daf553c4eccffcfecc26a00706052b81040022a1640362000417e425506a81d85e607a3caeaccbe6cc7ef58b559115b9867175ef9911f66ea77eb5b7f43e42f3129a1fe2841f6717ed4fc02bf8cfe2d10cac06a150dcba7ae9f035ec9b6b034a4ddc554da7c2da4719a1d990097fbb451a3ea1e664fc444cfa diff --git a/tests/ecdsa_tests.rs b/tests/ecdsa_tests.rs index 455940e3f8..c13c896fea 100644 --- a/tests/ecdsa_tests.rs +++ b/tests/ecdsa_tests.rs @@ -86,6 +86,67 @@ fn ecdsa_from_pkcs8_test() { ); } +#[test] +fn ecdsa_from_der_test() { + test::run( + test_file!("ecdsa_from_der_tests.txt"), + |section, test_case| { + assert_eq!(section, ""); + + let curve_name = test_case.consume_string("Curve"); + let ((this_fixed, this_asn1), (other_fixed, other_asn1)) = match curve_name.as_str() { + "P-256" => ( + ( + &signature::ECDSA_P256_SHA256_FIXED_SIGNING, + &signature::ECDSA_P256_SHA256_ASN1_SIGNING, + ), + ( + &signature::ECDSA_P384_SHA384_FIXED_SIGNING, + &signature::ECDSA_P384_SHA384_ASN1_SIGNING, + ), + ), + "P-384" => ( + ( + &signature::ECDSA_P384_SHA384_FIXED_SIGNING, + &signature::ECDSA_P384_SHA384_ASN1_SIGNING, + ), + ( + &signature::ECDSA_P256_SHA256_FIXED_SIGNING, + &signature::ECDSA_P256_SHA256_ASN1_SIGNING, + ), + ), + _ => unreachable!(), + }; + + let input = test_case.consume_bytes("Input"); + + let error = test_case.consume_optional_string("Error"); + + match ( + signature::EcdsaKeyPair::from_der(this_fixed, &input), + error.clone(), + ) { + (Ok(_), None) => (), + (Err(e), None) => panic!("Failed with error \"{}\", but expected to succeed", e), + (Ok(_), Some(e)) => panic!("Succeeded, but expected error \"{}\"", e), + (Err(actual), Some(expected)) => assert_eq!(format!("{}", actual), expected), + }; + + match (signature::EcdsaKeyPair::from_der(this_asn1, &input), error) { + (Ok(_), None) => (), + (Err(e), None) => panic!("Failed with error \"{}\", but expected to succeed", e), + (Ok(_), Some(e)) => panic!("Succeeded, but expected error \"{}\"", e), + (Err(actual), Some(expected)) => assert_eq!(format!("{}", actual), expected), + }; + + assert!(signature::EcdsaKeyPair::from_der(other_fixed, &input).is_err()); + assert!(signature::EcdsaKeyPair::from_der(other_asn1, &input).is_err()); + + Ok(()) + }, + ); +} + // Verify that, at least, we generate PKCS#8 documents that we can read. #[test] fn ecdsa_generate_pkcs8_test() {