pkcs8: add example test

2025-04-28 05:06:18 +08:00 · 2023-02-01 17:28:49 +08:00 · 2023-02-01 17:28:49 +08:00 · ff2b695500
commit ff2b695500
parent e3db7656a6
2 changed files with 275 additions and 0 deletions
--- a/pkcs8/example_test.go
+++ b/pkcs8/example_test.go
@ -0,0 +1,226 @@
+package pkcs8_test
+
+import (
+	"encoding/hex"
+	"encoding/pem"
+	"fmt"
+	"math/big"
+	"os"
+
+	"github.com/emmansun/gmsm/pkcs8"
+	"github.com/emmansun/gmsm/sm2"
+)
+
+func ExampleMarshalPrivateKey_withoutPassword() {
+	// real private key should be from secret storage, or generate directly
+	privKey, _ := hex.DecodeString("6c5a0a0b2eed3cbec3e4f1252bfe0e28c504a1c6bf1999eebb0af9ef0f8e6c85")
+	d := new(big.Int).SetBytes(privKey)
+	testkey := new(sm2.PrivateKey)
+	testkey.Curve = sm2.P256()
+	testkey.D = d
+	testkey.PublicKey.X, testkey.PublicKey.Y = testkey.ScalarBaseMult(testkey.D.Bytes())
+
+	// generate der bytes
+	der, err := pkcs8.MarshalPrivateKey(testkey, nil, nil)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error from MarshalPrivateKey: %s\n", err)
+		return
+	}
+
+	// ecode to pem
+	block := &pem.Block{Bytes: der, Type: "PRIVATE KEY"}
+	pemContent := string(pem.EncodeToMemory(block))
+	fmt.Printf("%v\n", pemContent)
+}
+
+func ExampleParsePrivateKey_withoutPassword() {
+	const privateKeyPem = `
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgbFoKCy7tPL7D5PEl
+K/4OKMUEoca/GZnuuwr57w+ObIWhRANCAASDVuZCpA69GNKbo1MvvZ87vujwJ8P2
+85pbovhwNp+ZiJgfXv5V0cXN9sDvKwcIR6FPf99CcqjfCcRC8wWK+Uuh
+-----END PRIVATE KEY-----`
+	block, _ := pem.Decode([]byte(privateKeyPem))
+	if block == nil {
+		fmt.Fprintf(os.Stderr, "Failed to parse PEM block\n")
+		return
+	}
+	pk, params, err := pkcs8.ParsePrivateKey(block.Bytes, nil)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error from ParsePrivateKey: %s\n", err)
+		return
+	}
+	if params == nil && pk != nil {
+		fmt.Println("ok")
+	} else {
+		fmt.Println("fail")
+	}
+	// Output: ok
+}
+
+func ExampleParsePKCS8PrivateKey_withoutPassword() {
+	const privateKeyPem = `
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgbFoKCy7tPL7D5PEl
+K/4OKMUEoca/GZnuuwr57w+ObIWhRANCAASDVuZCpA69GNKbo1MvvZ87vujwJ8P2
+85pbovhwNp+ZiJgfXv5V0cXN9sDvKwcIR6FPf99CcqjfCcRC8wWK+Uuh
+-----END PRIVATE KEY-----`
+	block, _ := pem.Decode([]byte(privateKeyPem))
+	if block == nil {
+		fmt.Fprintf(os.Stderr, "Failed to parse PEM block\n")
+		return
+	}
+	pk, err := pkcs8.ParsePKCS8PrivateKey(block.Bytes)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error from ParsePKCS8PrivateKey: %s\n", err)
+		return
+	}
+	if pk != nil {
+		fmt.Println("ok")
+	} else {
+		fmt.Println("fail")
+	}
+	// Output: ok
+}
+
+func ExampleParsePKCS8PrivateKeySM2_withoutPassword() {
+	const privateKeyPem = `
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgbFoKCy7tPL7D5PEl
+K/4OKMUEoca/GZnuuwr57w+ObIWhRANCAASDVuZCpA69GNKbo1MvvZ87vujwJ8P2
+85pbovhwNp+ZiJgfXv5V0cXN9sDvKwcIR6FPf99CcqjfCcRC8wWK+Uuh
+-----END PRIVATE KEY-----`
+	block, _ := pem.Decode([]byte(privateKeyPem))
+	if block == nil {
+		fmt.Fprintf(os.Stderr, "Failed to parse PEM block\n")
+		return
+	}
+	pk, err := pkcs8.ParsePKCS8PrivateKeySM2(block.Bytes)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error from ParsePKCS8PrivateKeySM2: %s\n", err)
+		return
+	}
+	if pk != nil {
+		fmt.Println("ok")
+	} else {
+		fmt.Println("fail")
+	}
+	// Output: ok
+}
+
+func ExampleMarshalPrivateKey() {
+	// real private key should be from secret storage, or generate directly
+	privKey, _ := hex.DecodeString("6c5a0a0b2eed3cbec3e4f1252bfe0e28c504a1c6bf1999eebb0af9ef0f8e6c85")
+	d := new(big.Int).SetBytes(privKey)
+	testkey := new(sm2.PrivateKey)
+	testkey.Curve = sm2.P256()
+	testkey.D = d
+	testkey.PublicKey.X, testkey.PublicKey.Y = testkey.ScalarBaseMult(testkey.D.Bytes())
+
+	password := []byte("Password1")
+	opts := &pkcs8.Opts{
+		Cipher: pkcs8.SM4CBC,
+		KDFOpts: pkcs8.PBKDF2Opts{
+			SaltSize: 16, IterationCount: 16, HMACHash: pkcs8.SM3,
+		},
+	}
+	// generate der bytes
+	der, err := pkcs8.MarshalPrivateKey(testkey, password, opts)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error from MarshalPrivateKey: %s\n", err)
+		return
+	}
+
+	// ecode to pem
+	block := &pem.Block{Bytes: der, Type: "ENCRYPTED PRIVATE KEY"}
+	pemContent := string(pem.EncodeToMemory(block))
+	fmt.Printf("%v\n", pemContent)
+}
+
+func ExampleParsePrivateKey() {
+	const privateKeyPem = `
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIH2MGEGCSqGSIb3DQEFDTBUMDQGCSqGSIb3DQEFDDAnBBDa6ckWJNP3QBD7MIF8
+4nVqAgEQAgEQMA0GCSqBHM9VAYMRAgUAMBwGCCqBHM9VAWgCBBDMUgr+5Y/XN2g9
+mPGiISzGBIGQytwK98/ET4WrS0H7AsUri6FTqztrzAvgzFl3+s9AsaYtUlzE3EzE
+x6RWxo8kpKO2yj0a/Jh9WZCD4XAcoZ9aMopiWlOdpXJr/iQlMGdirCYIoF37lHMc
+jZHNffmk4ii7NxCfjrzpiFq4clYsNMXeSEnq1tuOEur4kYcjHYSIFc9bPG656a60
+SIJsJuPFi0f
+-----END ENCRYPTED PRIVATE KEY-----`
+	password := []byte("Password1")
+
+	block, _ := pem.Decode([]byte(privateKeyPem))
+	if block == nil {
+		fmt.Fprintf(os.Stderr, "Failed to parse PEM block\n")
+		return
+	}
+	pk, params, err := pkcs8.ParsePrivateKey(block.Bytes, password)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error from ParsePrivateKey: %s\n", err)
+		return
+	}
+	if params != nil && pk != nil {
+		fmt.Println("ok")
+	} else {
+		fmt.Println("fail")
+	}
+	// Output: ok
+}
+
+func ExampleParsePKCS8PrivateKey() {
+	const privateKeyPem = `
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIH2MGEGCSqGSIb3DQEFDTBUMDQGCSqGSIb3DQEFDDAnBBDa6ckWJNP3QBD7MIF8
+4nVqAgEQAgEQMA0GCSqBHM9VAYMRAgUAMBwGCCqBHM9VAWgCBBDMUgr+5Y/XN2g9
+mPGiISzGBIGQytwK98/ET4WrS0H7AsUri6FTqztrzAvgzFl3+s9AsaYtUlzE3EzE
+x6RWxo8kpKO2yj0a/Jh9WZCD4XAcoZ9aMopiWlOdpXJr/iQlMGdirCYIoF37lHMc
+jZHNffmk4ii7NxCfjrzpiFq4clYsNMXeSEnq1tuOEur4kYcjHYSIFc9bPG656a60
+SIJsJuPFi0f
+-----END ENCRYPTED PRIVATE KEY-----`
+	password := []byte("Password1")
+	block, _ := pem.Decode([]byte(privateKeyPem))
+	if block == nil {
+		fmt.Fprintf(os.Stderr, "Failed to parse PEM block\n")
+		return
+	}
+	pk, err := pkcs8.ParsePKCS8PrivateKey(block.Bytes, password)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error from ParsePKCS8PrivateKey: %s\n", err)
+		return
+	}
+	if pk != nil {
+		fmt.Println("ok")
+	} else {
+		fmt.Println("fail")
+	}
+	// Output: ok
+}
+
+func ExampleParsePKCS8PrivateKeySM2() {
+	const privateKeyPem = `
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIH2MGEGCSqGSIb3DQEFDTBUMDQGCSqGSIb3DQEFDDAnBBDa6ckWJNP3QBD7MIF8
+4nVqAgEQAgEQMA0GCSqBHM9VAYMRAgUAMBwGCCqBHM9VAWgCBBDMUgr+5Y/XN2g9
+mPGiISzGBIGQytwK98/ET4WrS0H7AsUri6FTqztrzAvgzFl3+s9AsaYtUlzE3EzE
+x6RWxo8kpKO2yj0a/Jh9WZCD4XAcoZ9aMopiWlOdpXJr/iQlMGdirCYIoF37lHMc
+jZHNffmk4ii7NxCfjrzpiFq4clYsNMXeSEnq1tuOEur4kYcjHYSIFc9bPG656a60
+SIJsJuPFi0f
+-----END ENCRYPTED PRIVATE KEY-----`
+	password := []byte("Password1")
+	block, _ := pem.Decode([]byte(privateKeyPem))
+	if block == nil {
+		fmt.Fprintf(os.Stderr, "Failed to parse PEM block\n")
+		return
+	}
+	pk, err := pkcs8.ParsePKCS8PrivateKeySM2(block.Bytes, password)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error from ParsePKCS8PrivateKeySM2: %s\n", err)
+		return
+	}
+	if pk != nil {
+		fmt.Println("ok")
+	} else {
+		fmt.Println("fail")
+	}
+	// Output: ok
+}
--- a/smx509/example_test.go
+++ b/smx509/example_test.go
@ -0,0 +1,49 @@
+package smx509_test
+
+import (
+	"crypto/dsa"
+	"crypto/ecdsa"
+	"crypto/ed25519"
+	"crypto/rsa"
+	"encoding/pem"
+	"fmt"
+
+	"github.com/emmansun/gmsm/sm2"
+	"github.com/emmansun/gmsm/smx509"
+)
+
+func ExampleParsePKIXPublicKey() {
+	const pubPEM = `
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAENpoOih+9ASfmKYx5lK5mLsrUK3Am
+B6kLUsqHlVyglXgoMEwo8Sr8xb/Q3gDMNnd7Wyp2bJE9ksb60ansO4QaKg==
+-----END PUBLIC KEY-----`
+
+	block, _ := pem.Decode([]byte(pubPEM))
+	if block == nil {
+		panic("failed to parse PEM block containing the public key")
+	}
+
+	pub, err := smx509.ParsePKIXPublicKey(block.Bytes)
+	if err != nil {
+		panic("failed to parse DER encoded public key: " + err.Error())
+	}
+
+	switch pub := pub.(type) {
+	case *rsa.PublicKey:
+		fmt.Println("pub is of type RSA:", pub)
+	case *dsa.PublicKey:
+		fmt.Println("pub is of type DSA:", pub)
+	case *ecdsa.PublicKey:
+		fmt.Println("pub is of type ECDSA:", pub.Curve.Params().Name)
+	case ed25519.PublicKey:
+		fmt.Println("pub is of type Ed25519:", pub)
+	default:
+		panic("unknown type of public key")
+	}
+	isSM2 := sm2.IsSM2PublicKey(pub)
+	fmt.Printf("%v\n", isSM2)
+	// Output:
+	// pub is of type ECDSA: sm2p256v1
+	// true
+}