github.com/emmansun/gmsm@v0.29.1/smx509/pem_decrypt_test.go (about) 1 // Copyright 2012 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package smx509 6 7 import ( 8 "bytes" 9 "crypto/rand" 10 "crypto/x509" 11 "encoding/base64" 12 "encoding/pem" 13 "fmt" 14 "strings" 15 "testing" 16 ) 17 18 func TestDecrypt(t *testing.T) { 19 for i, data := range testData { 20 t.Logf("test %v. %v", i, data.kind) 21 block, rest := pem.Decode(data.pemData) 22 if len(rest) > 0 { 23 t.Error("extra data") 24 } 25 der, err := DecryptPEMBlock(block, data.password) 26 if err != nil { 27 t.Error("decrypt failed: ", err) 28 continue 29 } 30 if _, err := x509.ParsePKCS1PrivateKey(der); err != nil { 31 t.Error("invalid private key: ", err) 32 } 33 plainDER, err := base64.StdEncoding.DecodeString(data.plainDER) 34 if err != nil { 35 t.Fatal("cannot decode test DER data: ", err) 36 } 37 if !bytes.Equal(der, plainDER) { 38 t.Error("data mismatch") 39 } 40 } 41 } 42 43 func TestEncrypt(t *testing.T) { 44 for i, data := range testData { 45 t.Logf("test %v. %v", i, data.kind) 46 plainDER, err := base64.StdEncoding.DecodeString(data.plainDER) 47 if err != nil { 48 t.Fatal("cannot decode test DER data: ", err) 49 } 50 password := []byte("kremvax1") 51 block, err := EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY", plainDER, password, data.kind) 52 if err != nil { 53 t.Error("encrypt: ", err) 54 continue 55 } 56 if !IsEncryptedPEMBlock(block) { 57 t.Error("PEM block does not appear to be encrypted") 58 } 59 if block.Type != "RSA PRIVATE KEY" { 60 t.Errorf("unexpected block type; got %q want %q", block.Type, "RSA PRIVATE KEY") 61 } 62 if block.Headers["Proc-Type"] != "4,ENCRYPTED" { 63 t.Errorf("block does not have correct Proc-Type header") 64 } 65 der, err := DecryptPEMBlock(block, password) 66 if err != nil { 67 t.Error("decrypt: ", err) 68 continue 69 } 70 if !bytes.Equal(der, plainDER) { 71 t.Errorf("data mismatch") 72 } 73 pemContent := string(pem.EncodeToMemory(block)) 74 fmt.Printf("%s\n", pemContent) 75 } 76 } 77 78 var testData = []struct { 79 kind PEMCipher 80 password []byte 81 pemData []byte 82 plainDER string 83 }{ 84 { 85 kind: PEMCipherDES, 86 password: []byte("asdf"), 87 pemData: []byte(testingKey(` 88 -----BEGIN RSA TESTING KEY----- 89 Proc-Type: 4,ENCRYPTED 90 DEK-Info: DES-CBC,34F09A4FC8DE22B5 91 WXxy8kbZdiZvANtKvhmPBLV7eVFj2A5z6oAxvI9KGyhG0ZK0skfnt00C24vfU7m5 92 ICXeoqP67lzJ18xCzQfHjDaBNs53DSDT+Iz4e8QUep1xQ30+8QKX2NA2coee3nwc 93 6oM1cuvhNUDemBH2i3dKgMVkfaga0zQiiOq6HJyGSncCMSruQ7F9iWEfRbFcxFCx 94 qtHb1kirfGKEtgWTF+ynyco6+2gMXNu70L7nJcnxnV/RLFkHt7AUU1yrclxz7eZz 95 XOH9VfTjb52q/I8Suozq9coVQwg4tXfIoYUdT//O+mB7zJb9HI9Ps77b9TxDE6Gm 96 4C9brwZ3zg2vqXcwwV6QRZMtyll9rOpxkbw6NPlpfBqkc3xS51bbxivbO/Nve4KD 97 r12ymjFNF4stXCfJnNqKoZ50BHmEEUDu5Wb0fpVn82XrGw7CYc4iug== 98 -----END RSA TESTING KEY-----`)), 99 plainDER: ` 100 MIIBPAIBAAJBAPASZe+tCPU6p80AjHhDkVsLYa51D35e/YGa8QcZyooeZM8EHozo 101 KD0fNiKI+53bHdy07N+81VQ8/ejPcRoXPlsCAwEAAQJBAMTxIuSq27VpR+zZ7WJf 102 c6fvv1OBvpMZ0/d1pxL/KnOAgq2rD5hDtk9b0LGhTPgQAmrrMTKuSeGoIuYE+gKQ 103 QvkCIQD+GC1m+/do+QRurr0uo46Kx1LzLeSCrjBk34wiOp2+dwIhAPHfTLRXS2fv 104 7rljm0bYa4+eDZpz+E8RcXEgzhhvcQQ9AiAI5eHZJGOyml3MXnQjiPi55WcDOw0w 105 glcRgT6QCEtz2wIhANSyqaFtosIkHKqrDUGfz/bb5tqMYTAnBruVPaf/WEOBAiEA 106 9xORWeRG1tRpso4+dYy4KdDkuLPIO01KY6neYGm3BCM=`, 107 }, 108 { 109 kind: PEMCipher3DES, 110 password: []byte("asdf"), 111 pemData: []byte(testingKey(` 112 -----BEGIN RSA TESTING KEY----- 113 Proc-Type: 4,ENCRYPTED 114 DEK-Info: DES-EDE3-CBC,C1F4A6A03682C2C7 115 0JqVdBEH6iqM7drTkj+e2W/bE3LqakaiWhb9WUVonFkhyu8ca/QzebY3b5gCvAZQ 116 YwBvDcT/GHospKqPx+cxDHJNsUASDZws6bz8ZXWJGwZGExKzr0+Qx5fgXn44Ms3x 117 8g1ENFuTXtxo+KoNK0zuAMAqp66Llcds3Fjl4XR18QaD0CrVNAfOdgATWZm5GJxk 118 Fgx5f84nT+/ovvreG+xeOzWgvtKo0UUZVrhGOgfKLpa57adumcJ6SkUuBtEFpZFB 119 ldw5w7WC7d13x2LsRkwo8ZrDKgIV+Y9GNvhuCCkTzNP0V3gNeJpd201HZHR+9n3w 120 3z0VjR/MGqsfcy1ziEWMNOO53At3zlG6zP05aHMnMcZoVXadEK6L1gz++inSSDCq 121 gI0UJP4e3JVB7AkgYymYAwiYALAkoEIuanxoc50njJk= 122 -----END RSA TESTING KEY-----`)), 123 plainDER: ` 124 MIIBOwIBAAJBANOCXKdoNS/iP/MAbl9cf1/SF3P+Ns7ZeNL27CfmDh0O6Zduaax5 125 NBiumd2PmjkaCu7lQ5JOibHfWn+xJsc3kw0CAwEAAQJANX/W8d1Q/sCqzkuAn4xl 126 B5a7qfJWaLHndu1QRLNTRJPn0Ee7OKJ4H0QKOhQM6vpjRrz+P2u9thn6wUxoPsef 127 QQIhAP/jCkfejFcy4v15beqKzwz08/tslVjF+Yq41eJGejmxAiEA05pMoqfkyjcx 128 fyvGhpoOyoCp71vSGUfR2I9CR65oKh0CIC1Msjs66LlfJtQctRq6bCEtFCxEcsP+ 129 eEjYo/Sk6WphAiEAxpgWPMJeU/shFT28gS+tmhjPZLpEoT1qkVlC14u0b3ECIQDX 130 tZZZxCtPAm7shftEib0VU77Lk8MsXJcx2C4voRsjEw==`, 131 }, 132 { 133 kind: PEMCipherAES128, 134 password: []byte("asdf"), 135 pemData: []byte(testingKey(` 136 -----BEGIN RSA TESTING KEY----- 137 Proc-Type: 4,ENCRYPTED 138 DEK-Info: AES-128-CBC,D4492E793FC835CC038A728ED174F78A 139 EyfQSzXSjv6BaNH+NHdXRlkHdimpF9izWlugVJAPApgXrq5YldPe2aGIOFXyJ+QE 140 ZIG20DYqaPzJRjTEbPNZ6Es0S2JJ5yCpKxwJuDkgJZKtF39Q2i36JeGbSZQIuWJE 141 GZbBpf1jDH/pr0iGonuAdl2PCCZUiy+8eLsD2tyviHUkFLOB+ykYoJ5t8ngZ/B6D 142 33U43LLb7+9zD4y3Q9OVHqBFGyHcxCY9+9Qh4ZnFp7DTf6RY5TNEvE3s4g6aDpBs 143 3NbvRVvYTgs8K9EPk4K+5R+P2kD8J8KvEIGxVa1vz8QoCJ/jr7Ka2rvNgPCex5/E 144 080LzLHPCrXKdlr/f50yhNWq08ZxMWQFkui+FDHPDUaEELKAXV8/5PDxw80Rtybo 145 AVYoCVIbZXZCuCO81op8UcOgEpTtyU5Lgh3Mw5scQL0= 146 -----END RSA TESTING KEY-----`)), 147 plainDER: ` 148 MIIBOgIBAAJBAMBlj5FxYtqbcy8wY89d/S7n0+r5MzD9F63BA/Lpl78vQKtdJ5dT 149 cDGh/rBt1ufRrNp0WihcmZi7Mpl/3jHjiWECAwEAAQJABNOHYnKhtDIqFYj1OAJ3 150 k3GlU0OlERmIOoeY/cL2V4lgwllPBEs7r134AY4wMmZSBUj8UR/O4SNO668ElKPE 151 cQIhAOuqY7/115x5KCdGDMWi+jNaMxIvI4ETGwV40ykGzqlzAiEA0P9oEC3m9tHB 152 kbpjSTxaNkrXxDgdEOZz8X0uOUUwHNsCIAwzcSCiGLyYJTULUmP1ESERfW1mlV78 153 XzzESaJpIM/zAiBQkSTcl9VhcJreQqvjn5BnPZLP4ZHS4gPwJAGdsj5J4QIhAOVR 154 B3WlRNTXR2WsJ5JdByezg9xzdXzULqmga0OE339a`, 155 }, 156 { 157 kind: PEMCipherAES192, 158 password: []byte("asdf"), 159 pemData: []byte(testingKey(` 160 -----BEGIN RSA TESTING KEY----- 161 Proc-Type: 4,ENCRYPTED 162 DEK-Info: AES-192-CBC,E2C9FB02BCA23ADE1829F8D8BC5F5369 163 cqVslvHqDDM6qwU6YjezCRifXmKsrgEev7ng6Qs7UmDJOpHDgJQZI9fwMFUhIyn5 164 FbCu1SHkLMW52Ld3CuEqMnzWMlhPrW8tFvUOrMWPYSisv7nNq88HobZEJcUNL2MM 165 Y15XmHW6IJwPqhKyLHpWXyOCVEh4ODND2nV15PCoi18oTa475baxSk7+1qH7GuIs 166 Rb7tshNTMqHbCpyo9Rn3UxeFIf9efdl8YLiMoIqc7J8E5e9VlbeQSdLMQOgDAQJG 167 ReUtTw8exmKsY4gsSjhkg5uiw7/ZB1Ihto0qnfQJgjGc680qGkT1d6JfvOfeYAk6 168 xn5RqS/h8rYAYm64KnepfC9vIujo4NqpaREDmaLdX5MJPQ+SlytITQvgUsUq3q/t 169 Ss85xjQEZH3hzwjQqdJvmA4hYP6SUjxYpBM+02xZ1Xw= 170 -----END RSA TESTING KEY-----`)), 171 plainDER: ` 172 MIIBOwIBAAJBAMGcRrZiNNmtF20zyS6MQ7pdGx17aFDl+lTl+qnLuJRUCMUG05xs 173 OmxmL/O1Qlf+bnqR8Bgg65SfKg21SYuLhiMCAwEAAQJBAL94uuHyO4wux2VC+qpj 174 IzPykjdU7XRcDHbbvksf4xokSeUFjjD3PB0Qa83M94y89ZfdILIqS9x5EgSB4/lX 175 qNkCIQD6cCIqLfzq/lYbZbQgAAjpBXeQVYsbvVtJrPrXJAlVVQIhAMXpDKMeFPMn 176 J0g2rbx1gngx0qOa5r5iMU5w/noN4W2XAiBjf+WzCG5yFvazD+dOx3TC0A8+4x3P 177 uZ3pWbaXf5PNuQIgAcdXarvhelH2w2piY1g3BPeFqhzBSCK/yLGxR82KIh8CIQDD 178 +qGKsd09NhQ/G27y/DARzOYtml1NvdmCQAgsDIIOLA==`, 179 }, 180 { 181 kind: PEMCipherAES256, 182 password: []byte("asdf"), 183 pemData: []byte(testingKey(` 184 -----BEGIN RSA TESTING KEY----- 185 Proc-Type: 4,ENCRYPTED 186 DEK-Info: AES-256-CBC,8E7ED5CD731902CE938957A886A5FFBD 187 4Mxr+KIzRVwoOP0wwq6caSkvW0iS+GE2h2Ov/u+n9ZTMwL83PRnmjfjzBgfRZLVf 188 JFPXxUK26kMNpIdssNnqGOds+DhB+oSrsNKoxgxSl5OBoYv9eJTVYm7qOyAFIsjr 189 DRKAcjYCmzfesr7PVTowwy0RtHmYwyXMGDlAzzZrEvaiySFFmMyKKvtoavwaFoc7 190 Pz3RZScwIuubzTGJ1x8EzdffYOsdCa9Mtgpp3L136+23dOd6L/qK2EG2fzrJSHs/ 191 2XugkleBFSMKzEp9mxXKRfa++uidQvMZTFLDK9w5YjrRvMBo/l2BoZIsq0jAIE1N 192 sv5Z/KwlX+3MDEpPQpUwGPlGGdLnjI3UZ+cjgqBcoMiNc6HfgbBgYJSU6aDSHuCk 193 clCwByxWkBNgJ2GrkwNrF26v+bGJJJNR4SKouY1jQf0= 194 -----END RSA TESTING KEY-----`)), 195 plainDER: ` 196 MIIBOgIBAAJBAKy3GFkstoCHIEeUU/qO8207m8WSrjksR+p9B4tf1w5k+2O1V/GY 197 AQ5WFCApItcOkQe/I0yZZJk/PmCqMzSxrc8CAwEAAQJAOCAz0F7AW9oNelVQSP8F 198 Sfzx7O1yom+qWyAQQJF/gFR11gpf9xpVnnyu1WxIRnDUh1LZwUsjwlDYb7MB74id 199 oQIhANPcOiLwOPT4sIUpRM5HG6BF1BI7L77VpyGVk8xNP7X/AiEA0LMHZtk4I+lJ 200 nClgYp4Yh2JZ1Znbu7IoQMCEJCjwKDECIGd8Dzm5tViTkUW6Hs3Tlf73nNs65duF 201 aRnSglss8I3pAiEAonEnKruawgD8RavDFR+fUgmQiPz4FnGGeVgfwpGG1JECIBYq 202 PXHYtPqxQIbD2pScR5qum7iGUh11lEUPkmt+2uqS`, 203 }, 204 { 205 kind: PEMCipherSM4, 206 password: []byte("asdf"), 207 pemData: []byte(testingKey(` 208 -----BEGIN RSA PRIVATE KEY----- 209 Proc-Type: 4,ENCRYPTED 210 DEK-Info: sm4-cbc,4cf10431aa24f6a4c1490ce93ff086ef 211 212 OSUW2Zbd7E+MKulT70SpQIsR0FdV1MP41OKvxT3XfOMZDk3naDyJoBFon8FEftlN 213 xKNkRnzZTmzteRzySbNQBKIwwHnak8Vcqwy5UB61+RWC5rk+kDRiwG6sZp6HFs4Z 214 GLrzVQlh6Ag/ecckhms0FfLbmKLeCwG1MlLaI8ZHvZSQ5R1JPdF43rmxkoA6RTg+ 215 SWWf2T5T3DyOOPmgaxrRQJZURJuJZK3eyAvU395t1xDsvdgOIQlmgEA6nmrNcJQt 216 cn88qJ6NpRpVjdDupnOynJ726diIcugYwLcxhMir5eSNkMkjR5SZdEwuFgcbicvc 217 TkCGwp6aSyLYpHsIwTJupY8Lk32WuqpC34K/IJlNDichVyeLILEj9GqUGJNm/1N3 218 FKMobhAYj14+AsMKzR+4rOsYeJxX+8ws3D5RbL7nTKs= 219 -----END RSA PRIVATE KEY-----`)), 220 plainDER: ` 221 MIIBOgIBAAJBAMBlj5FxYtqbcy8wY89d/S7n0+r5MzD9F63BA/Lpl78vQKtdJ5dT 222 cDGh/rBt1ufRrNp0WihcmZi7Mpl/3jHjiWECAwEAAQJABNOHYnKhtDIqFYj1OAJ3 223 k3GlU0OlERmIOoeY/cL2V4lgwllPBEs7r134AY4wMmZSBUj8UR/O4SNO668ElKPE 224 cQIhAOuqY7/115x5KCdGDMWi+jNaMxIvI4ETGwV40ykGzqlzAiEA0P9oEC3m9tHB 225 kbpjSTxaNkrXxDgdEOZz8X0uOUUwHNsCIAwzcSCiGLyYJTULUmP1ESERfW1mlV78 226 XzzESaJpIM/zAiBQkSTcl9VhcJreQqvjn5BnPZLP4ZHS4gPwJAGdsj5J4QIhAOVR 227 B3WlRNTXR2WsJ5JdByezg9xzdXzULqmga0OE339a`, 228 }, 229 { 230 // generated with: 231 // openssl genrsa -aes128 -passout pass:asdf -out server.orig.key 128 232 kind: PEMCipherAES128, 233 password: []byte("asdf"), 234 pemData: []byte(testingKey(` 235 -----BEGIN RSA TESTING KEY----- 236 Proc-Type: 4,ENCRYPTED 237 DEK-Info: AES-128-CBC,74611ABC2571AF11B1BF9B69E62C89E7 238 6ei/MlytjE0FFgZOGQ+jrwomKfpl8kdefeE0NSt/DMRrw8OacHAzBNi3pPEa0eX3 239 eND9l7C9meCirWovjj9QWVHrXyugFuDIqgdhQ8iHTgCfF3lrmcttVrbIfMDw+smD 240 hTP8O1mS/MHl92NE0nhv0w== 241 -----END RSA TESTING KEY-----`)), 242 plainDER: ` 243 MGMCAQACEQC6ssxmYuauuHGOCDAI54RdAgMBAAECEQCWIn6Yv2O+kBcDF7STctKB 244 AgkA8SEfu/2i3g0CCQDGNlXbBHX7kQIIK3Ww5o0cYbECCQDCimPb0dYGsQIIeQ7A 245 jryIst8=`, 246 }, 247 } 248 249 var incompleteBlockPEM = testingKey(` 250 -----BEGIN RSA TESTING KEY----- 251 Proc-Type: 4,ENCRYPTED 252 DEK-Info: AES-128-CBC,74611ABC2571AF11B1BF9B69E62C89E7 253 6L8yXK2MTQUWBk4ZD6OvCiYp+mXyR1594TQ1K38MxGvDw5pwcDME2Lek8RrR5fd40P2XsL2Z4KKt 254 ai+OP1BZUetfK6AW4MiqB2FDyIdOAJ8XeWuZy21Wtsh8wPD6yYOFM/w7WZL8weX3Y0TSeG/T 255 -----END RSA TESTING KEY-----`) 256 257 func TestIncompleteBlock(t *testing.T) { 258 // incompleteBlockPEM contains ciphertext that is not a multiple of the 259 // block size. This previously panicked. See #11215. 260 block, _ := pem.Decode([]byte(incompleteBlockPEM)) 261 _, err := DecryptPEMBlock(block, []byte("foo")) 262 if err == nil { 263 t.Fatal("Bad PEM data decrypted successfully") 264 } 265 const expectedSubstr = "block size" 266 if e := err.Error(); !strings.Contains(e, expectedSubstr) { 267 t.Fatalf("Expected error containing %q but got: %q", expectedSubstr, e) 268 } 269 } 270 271 func testingKey(s string) string { return strings.ReplaceAll(s, "TESTING KEY", "PRIVATE KEY") }