include regression tests about EC private key loading in RFC 5915 format

- the private key is actually obfuscated with 000000 base-64 pattern - but it is enough to validate proper parsing and TJwtCrypt logic
synopse · May 17, 2024 · 10399d7 · 10399d7
1 parent 4dd41ad
commit 10399d7
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 2 deletions.
diff --git a/src/crypt/mormot.crypt.secure.pas b/src/crypt/mormot.crypt.secure.pas
@@ -1719,7 +1719,7 @@   TCryptAbstractKey = class;
   ICryptPrivateKey = interface
     /// unserialized the private key from DER binary or PEM text
     // - this instance should be void, i.e. just created with no prior Load
-    // - will also ensure the private key do match the associated public key
+    // - also ensure the private key do match an associated public key (if not nil)
     // - is able to decode and potentially decrypt a serialized key, with a
     // PKCS#8 Password for OpenSSL, and our proprietary PrivateKeyDecrypt()
     function Load(Algorithm: TCryptKeyAlgo; const AssociatedKey: ICryptPublicKey;

diff --git a/src/mormot.commit.inc b/src/mormot.commit.inc
@@ -1 +1 @@
-'2.2.7519'
+'2.2.7520'
diff --git a/test/test.core.crypt.pas b/test/test.core.crypt.pas
@@ -979,6 +979,16 @@ procedure TTestCoreCrypto._JWT;
   finally
     j.Free;
   end;
+  j := TJwtCrypt.Create(caaES256, '-----BEGIN EC PRIVATE KEY-----'#13#10 +
+    'MHcCAQEEIP00000000000000000000000000000000000000000roAoGCCqGSM49'#13#10 +
+    'AwEHoUQDQgAEoIQ8m1iBHYoxrdLT1A6MH9naG+hk/ccw/Ij0p9Mk7JmNdzCUeEjz'#13#10 +
+    'lU5/E683I9PZaz2/5RFj1HfKPTgDkxQFkA=='#13#10 +
+    '-----END EC PRIVATE KEY-----'#13#10, [jrcAudience], ['aud'], 60);
+  try
+    CheckEqual(j.Algorithm, 'ES256');
+  finally
+    j.Free;
+  end;
   for i := 1 to 10 do
   begin
     secret := TEccCertificateSecret.CreateNew(nil); // self-signed certificate