hickory_proto/rr/dnssec/
key_format.rs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
/// The format of the binary key
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
pub enum KeyFormat {
    /// A der encoded key
    Der,
    /// A pem encoded key, the default of OpenSSL
    Pem,
    /// Pkcs8, a pkcs8 formatted private key
    Pkcs8,
}

#[cfg(test)]
mod tests {
    #![allow(clippy::dbg_macro, clippy::print_stdout)]

    use super::*;
    use crate::rr::dnssec::keypair::decode_key;
    use crate::rr::dnssec::Algorithm;
    #[cfg(feature = "dnssec-openssl")]
    use crate::rr::dnssec::{EcSigningKey, RsaSigningKey};
    #[cfg(feature = "dnssec-ring")]
    use crate::rr::dnssec::{EcdsaSigningKey, Ed25519SigningKey};

    #[test]
    #[cfg(feature = "dnssec-openssl")]
    fn test_rsa_encode_decode_der() {
        let algorithm = Algorithm::RSASHA256;
        let key = RsaSigningKey::generate(algorithm).unwrap();
        let der = key.encode_der().unwrap();
        decode_key(&der, None, algorithm, KeyFormat::Der).unwrap();
    }

    #[test]
    #[cfg(feature = "dnssec-openssl")]
    fn test_rsa_encode_decode_pem() {
        let algorithm = Algorithm::RSASHA256;
        let key = RsaSigningKey::generate(algorithm).unwrap();
        let pem = key.encode_pem(None).unwrap();
        decode_key(&pem, None, algorithm, KeyFormat::Pem).unwrap();

        let encrypted = key.encode_pem(Some("test password")).unwrap();
        decode_key(&encrypted, Some("test password"), algorithm, KeyFormat::Pem).unwrap();
    }

    #[test]
    #[cfg(feature = "dnssec-openssl")]
    fn test_ec_encode_decode_der() {
        let algorithm = Algorithm::ECDSAP256SHA256;
        let key = EcSigningKey::generate(algorithm).unwrap();
        let der = key.encode_der().unwrap();
        decode_key(&der, None, algorithm, KeyFormat::Der).unwrap();
    }

    #[test]
    #[cfg(feature = "dnssec-openssl")]
    fn test_ec_encode_decode_pem() {
        let algorithm = Algorithm::ECDSAP256SHA256;
        let key = EcSigningKey::generate(algorithm).unwrap();
        let pem = key.encode_pem(None).unwrap();
        decode_key(&pem, None, algorithm, KeyFormat::Pem).unwrap();

        let encrypted = key.encode_pem(Some("test password")).unwrap();
        decode_key(&encrypted, Some("test password"), algorithm, KeyFormat::Pem).unwrap();
    }

    #[test]
    #[cfg(feature = "dnssec-ring")]
    fn test_ec_encode_decode_pkcs8() {
        let algorithm = Algorithm::ECDSAP256SHA256;
        let pkcs8 = EcdsaSigningKey::generate_pkcs8(algorithm).unwrap();
        decode_key(&pkcs8, None, algorithm, KeyFormat::Pkcs8).unwrap();
    }

    #[test]
    #[cfg(feature = "dnssec-ring")]
    fn test_ed25519_encode_decode_pkcs8() {
        let pkcs8 = Ed25519SigningKey::generate_pkcs8().unwrap();
        decode_key(&pkcs8, None, Algorithm::ED25519, KeyFormat::Pkcs8).unwrap();
    }
}