github.com/emmansun/gmsm@v0.29.1/smx509/pkcs1_test.go (about) 1 package smx509 2 3 import ( 4 "bytes" 5 "crypto/rsa" 6 "encoding/asn1" 7 "encoding/hex" 8 "encoding/pem" 9 "math/big" 10 "strings" 11 "testing" 12 ) 13 14 func TestParsePKCS1PrivateKey(t *testing.T) { 15 block, _ := pem.Decode([]byte(pemPrivateKey)) 16 priv, err := ParsePKCS1PrivateKey(block.Bytes) 17 if err != nil { 18 t.Errorf("Failed to parse private key: %s", err) 19 return 20 } 21 if priv.PublicKey.N.Cmp(rsaPrivateKey.PublicKey.N) != 0 || 22 priv.PublicKey.E != rsaPrivateKey.PublicKey.E || 23 priv.D.Cmp(rsaPrivateKey.D) != 0 || 24 priv.Primes[0].Cmp(rsaPrivateKey.Primes[0]) != 0 || 25 priv.Primes[1].Cmp(rsaPrivateKey.Primes[1]) != 0 { 26 t.Errorf("got:%+v want:%+v", priv, rsaPrivateKey) 27 } 28 29 // This private key includes an invalid prime that 30 // rsa.PrivateKey.Validate should reject. 31 data := []byte("0\x16\x02\x00\x02\x02\u007f\x00\x02\x0200\x02\x0200\x02\x02\x00\x01\x02\x02\u007f\x00") 32 if _, err := ParsePKCS1PrivateKey(data); err == nil { 33 t.Errorf("parsing invalid private key did not result in an error") 34 } 35 } 36 37 func TestMarshalRSAPrivateKey(t *testing.T) { 38 priv := &rsa.PrivateKey{ 39 PublicKey: rsa.PublicKey{ 40 N: fromBase10("16346378922382193400538269749936049106320265317511766357599732575277382844051791096569333808598921852351577762718529818072849191122419410612033592401403764925096136759934497687765453905884149505175426053037420486697072448609022753683683718057795566811401938833367954642951433473337066311978821180526439641496973296037000052546108507805269279414789035461158073156772151892452251106173507240488993608650881929629163465099476849643165682709047462010581308719577053905787496296934240246311806555924593059995202856826239801816771116902778517096212527979497399966526283516447337775509777558018145573127308919204297111496233"), 41 E: 3, 42 }, 43 D: fromBase10("10897585948254795600358846499957366070880176878341177571733155050184921896034527397712889205732614568234385175145686545381899460748279607074689061600935843283397424506622998458510302603922766336783617368686090042765718290914099334449154829375179958369993407724946186243249568928237086215759259909861748642124071874879861299389874230489928271621259294894142840428407196932444474088857746123104978617098858619445675532587787023228852383149557470077802718705420275739737958953794088728369933811184572620857678792001136676902250566845618813972833750098806496641114644760255910789397593428910198080271317419213080834885003"), 44 Primes: []*big.Int{ 45 fromBase10("1025363189502892836833747188838978207017355117492483312747347695538428729137306368764177201532277413433182799108299960196606011786562992097313508180436744488171474690412562218914213688661311117337381958560443"), 46 fromBase10("3467903426626310123395340254094941045497208049900750380025518552334536945536837294961497712862519984786362199788654739924501424784631315081391467293694361474867825728031147665777546570788493758372218019373"), 47 fromBase10("4597024781409332673052708605078359346966325141767460991205742124888960305710298765592730135879076084498363772408626791576005136245060321874472727132746643162385746062759369754202494417496879741537284589047"), 48 }, 49 } 50 51 derBytes := MarshalPKCS1PrivateKey(priv) 52 53 priv2, err := ParsePKCS1PrivateKey(derBytes) 54 if err != nil { 55 t.Errorf("error parsing serialized key: %s", err) 56 return 57 } 58 if priv.PublicKey.N.Cmp(priv2.PublicKey.N) != 0 || 59 priv.PublicKey.E != priv2.PublicKey.E || 60 priv.D.Cmp(priv2.D) != 0 || 61 len(priv2.Primes) != 3 || 62 priv.Primes[0].Cmp(priv2.Primes[0]) != 0 || 63 priv.Primes[1].Cmp(priv2.Primes[1]) != 0 || 64 priv.Primes[2].Cmp(priv2.Primes[2]) != 0 { 65 t.Errorf("got:%+v want:%+v", priv, priv2) 66 } 67 } 68 69 func TestMarshalRSAPublicKey(t *testing.T) { 70 pub := &rsa.PublicKey{ 71 N: fromBase10("16346378922382193400538269749936049106320265317511766357599732575277382844051791096569333808598921852351577762718529818072849191122419410612033592401403764925096136759934497687765453905884149505175426053037420486697072448609022753683683718057795566811401938833367954642951433473337066311978821180526439641496973296037000052546108507805269279414789035461158073156772151892452251106173507240488993608650881929629163465099476849643165682709047462010581308719577053905787496296934240246311806555924593059995202856826239801816771116902778517096212527979497399966526283516447337775509777558018145573127308919204297111496233"), 72 E: 3, 73 } 74 derBytes := MarshalPKCS1PublicKey(pub) 75 pub2, err := ParsePKCS1PublicKey(derBytes) 76 if err != nil { 77 t.Errorf("ParsePKCS1PublicKey: %s", err) 78 } 79 if pub.N.Cmp(pub2.N) != 0 || pub.E != pub2.E { 80 t.Errorf("ParsePKCS1PublicKey = %+v, want %+v", pub, pub2) 81 } 82 83 // It's never been documented that asn1.Marshal/Unmarshal on rsa.PublicKey works, 84 // but it does, and we know of code that depends on it. 85 // Lock that in, even though we'd prefer that people use MarshalPKCS1PublicKey and ParsePKCS1PublicKey. 86 derBytes2, err := asn1.Marshal(*pub) 87 if err != nil { 88 t.Errorf("Marshal(rsa.PublicKey): %v", err) 89 } else if !bytes.Equal(derBytes, derBytes2) { 90 t.Errorf("Marshal(rsa.PublicKey) = %x, want %x", derBytes2, derBytes) 91 } 92 pub3 := new(rsa.PublicKey) 93 rest, err := asn1.Unmarshal(derBytes, pub3) 94 if err != nil { 95 t.Errorf("Unmarshal(rsa.PublicKey): %v", err) 96 } 97 if len(rest) != 0 || pub.N.Cmp(pub3.N) != 0 || pub.E != pub3.E { 98 t.Errorf("Unmarshal(rsa.PublicKey) = %+v, %q want %+v, %q", pub, rest, pub2, []byte(nil)) 99 } 100 101 publicKeys := []struct { 102 derBytes []byte 103 expectedErrSubstr string 104 }{ 105 { 106 derBytes: []byte{ 107 0x30, 6, // SEQUENCE, 6 bytes 108 0x02, 1, // INTEGER, 1 byte 109 17, 110 0x02, 1, // INTEGER, 1 byte 111 3, // 3 112 }, 113 }, { 114 derBytes: []byte{ 115 0x30, 6, // SEQUENCE 116 0x02, 1, // INTEGER, 1 byte 117 0xff, // -1 118 0x02, 1, // INTEGER, 1 byte 119 3, 120 }, 121 expectedErrSubstr: "zero or negative", 122 }, { 123 derBytes: []byte{ 124 0x30, 6, // SEQUENCE 125 0x02, 1, // INTEGER, 1 byte 126 17, 127 0x02, 1, // INTEGER, 1 byte 128 0xff, // -1 129 }, 130 expectedErrSubstr: "zero or negative", 131 }, { 132 derBytes: []byte{ 133 0x30, 6, // SEQUENCE 134 0x02, 1, // INTEGER, 1 byte 135 17, 136 0x02, 1, // INTEGER, 1 byte 137 3, 138 1, 139 }, 140 expectedErrSubstr: "trailing data", 141 }, { 142 derBytes: []byte{ 143 0x30, 9, // SEQUENCE 144 0x02, 1, // INTEGER, 1 byte 145 17, 146 0x02, 4, // INTEGER, 4 bytes 147 0x7f, 0xff, 0xff, 0xff, 148 }, 149 }, { 150 derBytes: []byte{ 151 0x30, 10, // SEQUENCE 152 0x02, 1, // INTEGER, 1 byte 153 17, 154 0x02, 5, // INTEGER, 5 bytes 155 0x00, 0x80, 0x00, 0x00, 0x00, 156 }, 157 // On 64-bit systems, encoding/asn1 will accept the 158 // public exponent, but ParsePKCS1PublicKey will return 159 // an error. On 32-bit systems, encoding/asn1 will 160 // return the error. The common substring of both error 161 // is the word “large”. 162 expectedErrSubstr: "large", 163 }, 164 } 165 166 for i, test := range publicKeys { 167 shouldFail := len(test.expectedErrSubstr) > 0 168 pub, err := ParsePKCS1PublicKey(test.derBytes) 169 if shouldFail { 170 if err == nil { 171 t.Errorf("#%d: unexpected success, got %#v", i, pub) 172 } else if !strings.Contains(err.Error(), test.expectedErrSubstr) { 173 t.Errorf("#%d: expected error containing %q, got %s", i, test.expectedErrSubstr, err) 174 } 175 } else { 176 if err != nil { 177 t.Errorf("#%d: unexpected failure: %s", i, err) 178 continue 179 } 180 reserialized := MarshalPKCS1PublicKey(pub) 181 if !bytes.Equal(reserialized, test.derBytes) { 182 t.Errorf("#%d: failed to reserialize: got %x, expected %x", i, reserialized, test.derBytes) 183 } 184 } 185 } 186 } 187 188 const hexPKCS1TestPKCS8Key = "30820278020100300d06092a864886f70d0101010500048202623082025e02010002818100cfb1b5bf9685ffa97b4f99df4ff122b70e59ac9b992f3bc2b3dde17d53c1a34928719b02e8fd17839499bfbd515bd6ef99c7a1c47a239718fe36bfd824c0d96060084b5f67f0273443007a24dfaf5634f7772c9346e10eb294c2306671a5a5e719ae24b4de467291bc571014b0e02dec04534d66a9bb171d644b66b091780e8d020301000102818100b595778383c4afdbab95d2bfed12b3f93bb0a73a7ad952f44d7185fd9ec6c34de8f03a48770f2009c8580bcd275e9632714e9a5e3f32f29dc55474b2329ff0ebc08b3ffcb35bc96e6516b483df80a4a59cceb71918cbabf91564e64a39d7e35dce21cb3031824fdbc845dba6458852ec16af5dddf51a8397a8797ae0337b1439024100ea0eb1b914158c70db39031dd8904d6f18f408c85fbbc592d7d20dee7986969efbda081fdf8bc40e1b1336d6b638110c836bfdc3f314560d2e49cd4fbde1e20b024100e32a4e793b574c9c4a94c8803db5152141e72d03de64e54ef2c8ed104988ca780cd11397bc359630d01b97ebd87067c5451ba777cf045ca23f5912f1031308c702406dfcdbbd5a57c9f85abc4edf9e9e29153507b07ce0a7ef6f52e60dcfebe1b8341babd8b789a837485da6c8d55b29bbb142ace3c24a1f5b54b454d01b51e2ad03024100bd6a2b60dee01e1b3bfcef6a2f09ed027c273cdbbaf6ba55a80f6dcc64e4509ee560f84b4f3e076bd03b11e42fe71a3fdd2dffe7e0902c8584f8cad877cdc945024100aa512fa4ada69881f1d8bb8ad6614f192b83200aef5edf4811313d5ef30a86cbd0a90f7b025c71ea06ec6b34db6306c86b1040670fd8654ad7291d066d06d031" 189 const hexPKCS1TestECKey = "3081a40201010430bdb9839c08ee793d1157886a7a758a3c8b2a17a4df48f17ace57c72c56b4723cf21dcda21d4e1ad57ff034f19fcfd98ea00706052b81040022a16403620004feea808b5ee2429cfcce13c32160e1c960990bd050bb0fdf7222f3decd0a55008e32a6aa3c9062051c4cba92a7a3b178b24567412d43cdd2f882fa5addddd726fe3e208d2c26d733a773a597abb749714df7256ead5105fa6e7b3650de236b50" 190 191 var pkcs1MismatchKeyTests = []struct { 192 hexKey string 193 errorContains string 194 }{ 195 {hexKey: hexPKCS1TestPKCS8Key, errorContains: "use ParsePKCS8PrivateKey instead"}, 196 {hexKey: hexPKCS1TestECKey, errorContains: "use ParseECPrivateKey instead"}, 197 } 198 199 func TestPKCS1MismatchKeyFormat(t *testing.T) { 200 for i, test := range pkcs1MismatchKeyTests { 201 derBytes, _ := hex.DecodeString(test.hexKey) 202 _, err := ParsePKCS1PrivateKey(derBytes) 203 if !strings.Contains(err.Error(), test.errorContains) { 204 t.Errorf("#%d: expected error containing %q, got %s", i, test.errorContains, err) 205 } 206 } 207 }