1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
21 func decodeBase64(in
string) []byte {
22 out
:= make([]byte, base64
.StdEncoding
.DecodedLen(len(in
)))
23 n
, err
:= base64
.StdEncoding
.Decode(out
, []byte(in
))
30 type DecryptPKCS1v15Test
struct {
34 // These test vectors were generated with `openssl rsautl -pkcs -encrypt`
35 var decryptPKCS1v15Tests
= []DecryptPKCS1v15Test
{
37 "gIcUIoVkD6ATMBk/u/nlCZCCWRKdkfjCgFdo35VpRXLduiKXhNz1XupLLzTXAybEq15juc+EgY5o0DHv/nt3yg==",
41 "Y7TOCSqofGhkRb+jaVRLzK8xw2cSo1IVES19utzv6hwvx+M8kFsoWQm5DzBeJCZTCVDPkTpavUuEbgp8hnUGDw==",
45 "arReP9DJtEVyV2Dg3dDp4c/PSk1O6lxkoJ8HcFupoRorBZG+7+1fDAwT1olNddFnQMjmkb8vxwmNMoTAT/BFjQ==",
49 "WtaBXIoGC54+vH0NH0CHHE+dRDOsMc/6BrfFu2lEqcKL9+uDuWaf+Xj9mrbQCjjZcpQuX733zyok/jsnqe/Ftw==",
50 "01234567890123456789012345678901234567890123456789012",
54 func TestDecryptPKCS1v15(t
*testing
.T
) {
55 decryptionFuncs
:= []func([]byte) ([]byte, error
){
56 func(ciphertext
[]byte) (plaintext
[]byte, err error
) {
57 return DecryptPKCS1v15(nil, rsaPrivateKey
, ciphertext
)
59 func(ciphertext
[]byte) (plaintext
[]byte, err error
) {
60 return rsaPrivateKey
.Decrypt(nil, ciphertext
, nil)
64 for _
, decryptFunc
:= range decryptionFuncs
{
65 for i
, test
:= range decryptPKCS1v15Tests
{
66 out
, err
:= decryptFunc(decodeBase64(test
.in
))
68 t
.Errorf("#%d error decrypting", i
)
70 want
:= []byte(test
.out
)
71 if !bytes
.Equal(out
, want
) {
72 t
.Errorf("#%d got:%#v want:%#v", i
, out
, want
)
78 func TestEncryptPKCS1v15(t
*testing
.T
) {
80 k
:= (rsaPrivateKey
.N
.BitLen() + 7) / 8
82 tryEncryptDecrypt
:= func(in
[]byte, blind
bool) bool {
87 ciphertext
, err
:= EncryptPKCS1v15(random
, &rsaPrivateKey
.PublicKey
, in
)
89 t
.Errorf("error encrypting: %s", err
)
99 plaintext
, err
:= DecryptPKCS1v15(rand
, rsaPrivateKey
, ciphertext
)
101 t
.Errorf("error decrypting: %s", err
)
105 if !bytes
.Equal(plaintext
, in
) {
106 t
.Errorf("output mismatch: %#v %#v", plaintext
, in
)
112 config
:= new(quick
.Config
)
116 quick
.Check(tryEncryptDecrypt
, config
)
119 // These test vectors were generated with `openssl rsautl -pkcs -encrypt`
120 var decryptPKCS1v15SessionKeyTests
= []DecryptPKCS1v15Test
{
122 "e6ukkae6Gykq0fKzYwULpZehX+UPXYzMoB5mHQUDEiclRbOTqas4Y0E6nwns1BBpdvEJcilhl5zsox/6DtGsYg==",
126 "Dtis4uk/q/LQGGqGk97P59K03hkCIVFMEFZRgVWOAAhxgYpCRG0MX2adptt92l67IqMki6iVQyyt0TtX3IdtEw==",
130 "LIyFyCYCptPxrvTxpol8F3M7ZivlMsf53zs0vHRAv+rDIh2YsHS69ePMoPMe3TkOMZ3NupiL3takPxIs1sK+dw==",
134 "bafnobel46bKy76JzqU/RIVOH0uAYvzUtauKmIidKgM0sMlvobYVAVQPeUQ/oTGjbIZ1v/6Gyi5AO4DtHruGdw==",
139 func TestEncryptPKCS1v15SessionKey(t
*testing
.T
) {
140 for i
, test
:= range decryptPKCS1v15SessionKeyTests
{
141 key
:= []byte("FAIL")
142 err
:= DecryptPKCS1v15SessionKey(nil, rsaPrivateKey
, decodeBase64(test
.in
), key
)
144 t
.Errorf("#%d error decrypting", i
)
146 want
:= []byte(test
.out
)
147 if !bytes
.Equal(key
, want
) {
148 t
.Errorf("#%d got:%#v want:%#v", i
, key
, want
)
153 func TestEncryptPKCS1v15DecrypterSessionKey(t
*testing
.T
) {
154 for i
, test
:= range decryptPKCS1v15SessionKeyTests
{
155 plaintext
, err
:= rsaPrivateKey
.Decrypt(rand
.Reader
, decodeBase64(test
.in
), &PKCS1v15DecryptOptions
{SessionKeyLen
: 4})
157 t
.Fatalf("#%d: error decrypting: %s", i
, err
)
159 if len(plaintext
) != 4 {
160 t
.Fatalf("#%d: incorrect length plaintext: got %d, want 4", i
, len(plaintext
))
163 if test
.out
!= "FAIL" && !bytes
.Equal(plaintext
, []byte(test
.out
)) {
164 t
.Errorf("#%d: incorrect plaintext: got %x, want %x", i
, plaintext
, test
.out
)
169 func TestNonZeroRandomBytes(t
*testing
.T
) {
170 random
:= rand
.Reader
172 b
:= make([]byte, 512)
173 err
:= nonZeroRandomBytes(b
, random
)
175 t
.Errorf("returned error: %s", err
)
177 for _
, b
:= range b
{
179 t
.Errorf("Zero octet found")
185 type signPKCS1v15Test
struct {
189 // These vectors have been tested with
190 // `openssl rsautl -verify -inkey pk -in signature | hexdump -C`
191 var signPKCS1v15Tests
= []signPKCS1v15Test
{
192 {"Test.\n", "a4f3fa6ea93bcdd0c57be020c1193ecbfd6f200a3d95c409769b029578fa0e336ad9a347600e40d3ae823b8c7e6bad88cc07c1d54c3a1523cbbb6d58efc362ae"},
195 func TestSignPKCS1v15(t
*testing
.T
) {
196 for i
, test
:= range signPKCS1v15Tests
{
198 h
.Write([]byte(test
.in
))
201 s
, err
:= SignPKCS1v15(nil, rsaPrivateKey
, crypto
.SHA1
, digest
)
203 t
.Errorf("#%d %s", i
, err
)
206 expected
, _
:= hex
.DecodeString(test
.out
)
207 if !bytes
.Equal(s
, expected
) {
208 t
.Errorf("#%d got: %x want: %x", i
, s
, expected
)
213 func TestVerifyPKCS1v15(t
*testing
.T
) {
214 for i
, test
:= range signPKCS1v15Tests
{
216 h
.Write([]byte(test
.in
))
219 sig
, _
:= hex
.DecodeString(test
.out
)
221 err
:= VerifyPKCS1v15(&rsaPrivateKey
.PublicKey
, crypto
.SHA1
, digest
, sig
)
223 t
.Errorf("#%d %s", i
, err
)
228 func TestOverlongMessagePKCS1v15(t
*testing
.T
) {
229 ciphertext
:= decodeBase64("fjOVdirUzFoLlukv80dBllMLjXythIf22feqPrNo0YoIjzyzyoMFiLjAc/Y4krkeZ11XFThIrEvw\nkRiZcCq5ng==")
230 _
, err
:= DecryptPKCS1v15(nil, rsaPrivateKey
, ciphertext
)
232 t
.Error("RSA decrypted a message that was too long.")
236 func TestUnpaddedSignature(t
*testing
.T
) {
237 msg
:= []byte("Thu Dec 19 18:06:16 EST 2013\n")
238 // This base64 value was generated with:
239 // % echo Thu Dec 19 18:06:16 EST 2013 > /tmp/msg
240 // % openssl rsautl -sign -inkey key -out /tmp/sig -in /tmp/msg
242 // Where "key" contains the RSA private key given at the bottom of this
244 expectedSig
:= decodeBase64("pX4DR8azytjdQ1rtUiC040FjkepuQut5q2ZFX1pTjBrOVKNjgsCDyiJDGZTCNoh9qpXYbhl7iEym30BWWwuiZg==")
246 sig
, err
:= SignPKCS1v15(nil, rsaPrivateKey
, crypto
.Hash(0), msg
)
248 t
.Fatalf("SignPKCS1v15 failed: %s", err
)
250 if !bytes
.Equal(sig
, expectedSig
) {
251 t
.Fatalf("signature is not expected value: got %x, want %x", sig
, expectedSig
)
253 if err
:= VerifyPKCS1v15(&rsaPrivateKey
.PublicKey
, crypto
.Hash(0), msg
, sig
); err
!= nil {
254 t
.Fatalf("signature failed to verify: %s", err
)
258 func TestShortSessionKey(t
*testing
.T
) {
259 // This tests that attempting to decrypt a session key where the
260 // ciphertext is too small doesn't run outside the array bounds.
261 ciphertext
, err
:= EncryptPKCS1v15(rand
.Reader
, &rsaPrivateKey
.PublicKey
, []byte{1})
263 t
.Fatalf("Failed to encrypt short message: %s", err
)
267 if err
:= DecryptPKCS1v15SessionKey(nil, rsaPrivateKey
, ciphertext
, key
[:]); err
!= nil {
268 t
.Fatalf("Failed to decrypt short message: %s", err
)
271 for _
, v
:= range key
{
273 t
.Fatal("key was modified when ciphertext was invalid")
278 // In order to generate new test vectors you'll need the PEM form of this key (and s/TESTING/PRIVATE/):
279 // -----BEGIN RSA TESTING KEY-----
280 // MIIBOgIBAAJBALKZD0nEffqM1ACuak0bijtqE2QrI/KLADv7l3kK3ppMyCuLKoF0
281 // fd7Ai2KW5ToIwzFofvJcS/STa6HA5gQenRUCAwEAAQJBAIq9amn00aS0h/CrjXqu
282 // /ThglAXJmZhOMPVn4eiu7/ROixi9sex436MaVeMqSNf7Ex9a8fRNfWss7Sqd9eWu
283 // RTUCIQDasvGASLqmjeffBNLTXV2A5g4t+kLVCpsEIZAycV5GswIhANEPLmax0ME/
284 // EO+ZJ79TJKN5yiGBRsv5yvx5UiHxajEXAiAhAol5N4EUyq6I9w1rYdhPMGpLfk7A
285 // IU2snfRJ6Nq2CQIgFrPsWRCkV+gOYcajD17rEqmuLrdIRexpg8N1DOSXoJ8CIGlS
286 // tAboUGBxTDq3ZroNism3DaMIbKPyYrAqhKov1h5V
287 // -----END RSA TESTING KEY-----
289 var rsaPrivateKey
= &PrivateKey
{
290 PublicKey
: PublicKey
{
291 N
: fromBase10("9353930466774385905609975137998169297361893554149986716853295022578535724979677252958524466350471210367835187480748268864277464700638583474144061408845077"),
294 D
: fromBase10("7266398431328116344057699379749222532279343923819063639497049039389899328538543087657733766554155839834519529439851673014800261285757759040931985506583861"),
296 fromBase10("98920366548084643601728869055592650835572950932266967461790948584315647051443"),
297 fromBase10("94560208308847015747498523884063394671606671904944666360068158221458669711639"),
301 func TestShortPKCS1v15Signature(t
*testing
.T
) {
304 N
: fromBase10("8272693557323587081220342447407965471608219912416565371060697606400726784709760494166080686904546560026343451112103559482851304715739629410219358933351333"),
306 sig
, err
:= hex
.DecodeString("193a310d0dcf64094c6e3a00c8219b80ded70535473acff72c08e1222974bb24a93a535b1dc4c59fc0e65775df7ba2007dd20e9193f4c4025a18a7070aee93")
308 t
.Fatalf("failed to decode signature: %s", err
)
311 h
:= sha256
.Sum256([]byte("hello"))
312 err
= VerifyPKCS1v15(pub
, crypto
.SHA256
, h
[:], sig
)
314 t
.Fatal("VerifyPKCS1v15 accepted a truncated signature")