Test cases for our new PKCS#8 test vectors

tests/hazmat/primitives/test_serialization.py

@@ -10,6 +10,7 @@
 
 import pytest
 
+from cryptography.hazmat.decrepit.ciphers.algorithms import RC2
 from cryptography.hazmat.primitives.asymmetric import (
     dsa,
     ec,
@@ -19,6 +20,7 @@
     x448,
     x25519,
 )
+from cryptography.hazmat.primitives.ciphers import modes
 from cryptography.hazmat.primitives.hashes import SHA1
 from cryptography.hazmat.primitives.serialization import (
     BestAvailableEncryption,
@@ -461,6 +463,70 @@ def test_load_pkcs8_private_key_unknown_kdf(self):
         with pytest.raises(ValueError):
             load_pem_private_key(data, password=b"password")
 
+    @pytest.mark.parametrize(
+        "filename",
+        [
+            "rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem",
+            "rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem",
+            "rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem",
+        ],
+    )
+    def test_load_pkscs8_pbkdf_prf(self, filename: str):
+        key = load_vectors_from_file(
+            os.path.join("asymmetric", "PKCS8", filename),
+            lambda f: load_pem_private_key(f.read(), password=b"PolarSSLTest"),
+            mode="rb",
+        )
+        assert isinstance(key, rsa.RSAPrivateKey)
+        assert key.key_size == 2048
+
+    def test_load_pkcs8_40_bit_rc2(self):
+        key = load_vectors_from_file(
+            os.path.join("asymmetric", "PKCS8", "rsa-40bitrc2.pem"),
+            lambda f: load_pem_private_key(f.read(), password=b"baz"),
+            mode="rb",
+        )
+        assert isinstance(key, rsa.RSAPrivateKey)
+        assert key.key_size == 1024
+
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.cipher_supported(
+            RC2(b"\x00" * 16), modes.CBC(b"\x00" * 8)
+        ),
+        skip_message="Does not support RC2 CBC",
+    )
+    def test_load_pkcs8_rc2_cbc(self):
+        key = load_vectors_from_file(
+            os.path.join("asymmetric", "PKCS8", "rsa-rc2-cbc.pem"),
+            lambda f: load_pem_private_key(
+                f.read(), password=b"Red Hat Enterprise Linux 7.4"
+            ),
+            mode="rb",
+        )
+        assert isinstance(key, rsa.RSAPrivateKey)
+        assert key.key_size == 2048
+
+    def test_load_pkcs8_aes_192_cbc(self):
+        key = load_vectors_from_file(
+            os.path.join("asymmetric", "PKCS8", "rsa-aes-192-cbc.pem"),
+            lambda f: load_pem_private_key(f.read(), password=b"PolarSSLTest"),
+            mode="rb",
+        )
+        assert isinstance(key, rsa.RSAPrivateKey)
+        assert key.key_size == 2048
+
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.scrypt_supported(),
+        skip_message="Scrypt required",
+    )
+    def test_load_pkcs8_scrypt(self):
+        key = load_vectors_from_file(
+            os.path.join("asymmetric", "PKCS8", "ed25519-scrypt.pem"),
+            lambda f: load_pem_private_key(f.read(), password=b"hunter42"),
+            mode="rb",
+        )
+        assert isinstance(key, ed25519.Ed25519PrivateKey)
+
 
 class TestPEMSerialization:
     @pytest.mark.parametrize(