github.com/mtsmfm/go/src@v0.0.0-20221020090648-44bdcb9f8fde/crypto/rsa/pkcs1v15_test.go (about) 1 // Copyright 2009 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package rsa 6 7 import ( 8 "bytes" 9 "crypto" 10 "crypto/rand" 11 "crypto/sha1" 12 "crypto/sha256" 13 "encoding/base64" 14 "encoding/hex" 15 "io" 16 "math/big" 17 "testing" 18 "testing/quick" 19 ) 20 21 func decodeBase64(in string) []byte { 22 out := make([]byte, base64.StdEncoding.DecodedLen(len(in))) 23 n, err := base64.StdEncoding.Decode(out, []byte(in)) 24 if err != nil { 25 return nil 26 } 27 return out[0:n] 28 } 29 30 type DecryptPKCS1v15Test struct { 31 in, out string 32 } 33 34 // These test vectors were generated with `openssl rsautl -pkcs -encrypt` 35 var decryptPKCS1v15Tests = []DecryptPKCS1v15Test{ 36 { 37 "gIcUIoVkD6ATMBk/u/nlCZCCWRKdkfjCgFdo35VpRXLduiKXhNz1XupLLzTXAybEq15juc+EgY5o0DHv/nt3yg==", 38 "x", 39 }, 40 { 41 "Y7TOCSqofGhkRb+jaVRLzK8xw2cSo1IVES19utzv6hwvx+M8kFsoWQm5DzBeJCZTCVDPkTpavUuEbgp8hnUGDw==", 42 "testing.", 43 }, 44 { 45 "arReP9DJtEVyV2Dg3dDp4c/PSk1O6lxkoJ8HcFupoRorBZG+7+1fDAwT1olNddFnQMjmkb8vxwmNMoTAT/BFjQ==", 46 "testing.\n", 47 }, 48 { 49 "WtaBXIoGC54+vH0NH0CHHE+dRDOsMc/6BrfFu2lEqcKL9+uDuWaf+Xj9mrbQCjjZcpQuX733zyok/jsnqe/Ftw==", 50 "01234567890123456789012345678901234567890123456789012", 51 }, 52 } 53 54 func TestDecryptPKCS1v15(t *testing.T) { 55 decryptionFuncs := []func([]byte) ([]byte, error){ 56 func(ciphertext []byte) (plaintext []byte, err error) { 57 return DecryptPKCS1v15(nil, rsaPrivateKey, ciphertext) 58 }, 59 func(ciphertext []byte) (plaintext []byte, err error) { 60 return rsaPrivateKey.Decrypt(nil, ciphertext, nil) 61 }, 62 } 63 64 for _, decryptFunc := range decryptionFuncs { 65 for i, test := range decryptPKCS1v15Tests { 66 out, err := decryptFunc(decodeBase64(test.in)) 67 if err != nil { 68 t.Errorf("#%d error decrypting: %v", i, err) 69 } 70 want := []byte(test.out) 71 if !bytes.Equal(out, want) { 72 t.Errorf("#%d got:%#v want:%#v", i, out, want) 73 } 74 } 75 } 76 } 77 78 func TestEncryptPKCS1v15(t *testing.T) { 79 random := rand.Reader 80 k := (rsaPrivateKey.N.BitLen() + 7) / 8 81 82 tryEncryptDecrypt := func(in []byte, blind bool) bool { 83 if len(in) > k-11 { 84 in = in[0 : k-11] 85 } 86 87 ciphertext, err := EncryptPKCS1v15(random, &rsaPrivateKey.PublicKey, in) 88 if err != nil { 89 t.Errorf("error encrypting: %s", err) 90 return false 91 } 92 93 var rand io.Reader 94 if !blind { 95 rand = nil 96 } else { 97 rand = random 98 } 99 plaintext, err := DecryptPKCS1v15(rand, rsaPrivateKey, ciphertext) 100 if err != nil { 101 t.Errorf("error decrypting: %s", err) 102 return false 103 } 104 105 if !bytes.Equal(plaintext, in) { 106 t.Errorf("output mismatch: %#v %#v", plaintext, in) 107 return false 108 } 109 return true 110 } 111 112 config := new(quick.Config) 113 if testing.Short() { 114 config.MaxCount = 10 115 } 116 quick.Check(tryEncryptDecrypt, config) 117 } 118 119 // These test vectors were generated with `openssl rsautl -pkcs -encrypt` 120 var decryptPKCS1v15SessionKeyTests = []DecryptPKCS1v15Test{ 121 { 122 "e6ukkae6Gykq0fKzYwULpZehX+UPXYzMoB5mHQUDEiclRbOTqas4Y0E6nwns1BBpdvEJcilhl5zsox/6DtGsYg==", 123 "1234", 124 }, 125 { 126 "Dtis4uk/q/LQGGqGk97P59K03hkCIVFMEFZRgVWOAAhxgYpCRG0MX2adptt92l67IqMki6iVQyyt0TtX3IdtEw==", 127 "FAIL", 128 }, 129 { 130 "LIyFyCYCptPxrvTxpol8F3M7ZivlMsf53zs0vHRAv+rDIh2YsHS69ePMoPMe3TkOMZ3NupiL3takPxIs1sK+dw==", 131 "abcd", 132 }, 133 { 134 "bafnobel46bKy76JzqU/RIVOH0uAYvzUtauKmIidKgM0sMlvobYVAVQPeUQ/oTGjbIZ1v/6Gyi5AO4DtHruGdw==", 135 "FAIL", 136 }, 137 } 138 139 func TestEncryptPKCS1v15SessionKey(t *testing.T) { 140 for i, test := range decryptPKCS1v15SessionKeyTests { 141 key := []byte("FAIL") 142 err := DecryptPKCS1v15SessionKey(nil, rsaPrivateKey, decodeBase64(test.in), key) 143 if err != nil { 144 t.Errorf("#%d error decrypting", i) 145 } 146 want := []byte(test.out) 147 if !bytes.Equal(key, want) { 148 t.Errorf("#%d got:%#v want:%#v", i, key, want) 149 } 150 } 151 } 152 153 func TestEncryptPKCS1v15DecrypterSessionKey(t *testing.T) { 154 for i, test := range decryptPKCS1v15SessionKeyTests { 155 plaintext, err := rsaPrivateKey.Decrypt(rand.Reader, decodeBase64(test.in), &PKCS1v15DecryptOptions{SessionKeyLen: 4}) 156 if err != nil { 157 t.Fatalf("#%d: error decrypting: %s", i, err) 158 } 159 if len(plaintext) != 4 { 160 t.Fatalf("#%d: incorrect length plaintext: got %d, want 4", i, len(plaintext)) 161 } 162 163 if test.out != "FAIL" && !bytes.Equal(plaintext, []byte(test.out)) { 164 t.Errorf("#%d: incorrect plaintext: got %x, want %x", i, plaintext, test.out) 165 } 166 } 167 } 168 169 func TestNonZeroRandomBytes(t *testing.T) { 170 random := rand.Reader 171 172 b := make([]byte, 512) 173 err := nonZeroRandomBytes(b, random) 174 if err != nil { 175 t.Errorf("returned error: %s", err) 176 } 177 for _, b := range b { 178 if b == 0 { 179 t.Errorf("Zero octet found") 180 return 181 } 182 } 183 } 184 185 type signPKCS1v15Test struct { 186 in, out string 187 } 188 189 // These vectors have been tested with 190 // 191 // `openssl rsautl -verify -inkey pk -in signature | hexdump -C` 192 var signPKCS1v15Tests = []signPKCS1v15Test{ 193 {"Test.\n", "a4f3fa6ea93bcdd0c57be020c1193ecbfd6f200a3d95c409769b029578fa0e336ad9a347600e40d3ae823b8c7e6bad88cc07c1d54c3a1523cbbb6d58efc362ae"}, 194 } 195 196 func TestSignPKCS1v15(t *testing.T) { 197 for i, test := range signPKCS1v15Tests { 198 h := sha1.New() 199 h.Write([]byte(test.in)) 200 digest := h.Sum(nil) 201 202 s, err := SignPKCS1v15(nil, rsaPrivateKey, crypto.SHA1, digest) 203 if err != nil { 204 t.Errorf("#%d %s", i, err) 205 } 206 207 expected, _ := hex.DecodeString(test.out) 208 if !bytes.Equal(s, expected) { 209 t.Errorf("#%d got: %x want: %x", i, s, expected) 210 } 211 } 212 } 213 214 func TestVerifyPKCS1v15(t *testing.T) { 215 for i, test := range signPKCS1v15Tests { 216 h := sha1.New() 217 h.Write([]byte(test.in)) 218 digest := h.Sum(nil) 219 220 sig, _ := hex.DecodeString(test.out) 221 222 err := VerifyPKCS1v15(&rsaPrivateKey.PublicKey, crypto.SHA1, digest, sig) 223 if err != nil { 224 t.Errorf("#%d %s", i, err) 225 } 226 } 227 } 228 229 func TestOverlongMessagePKCS1v15(t *testing.T) { 230 ciphertext := decodeBase64("fjOVdirUzFoLlukv80dBllMLjXythIf22feqPrNo0YoIjzyzyoMFiLjAc/Y4krkeZ11XFThIrEvw\nkRiZcCq5ng==") 231 _, err := DecryptPKCS1v15(nil, rsaPrivateKey, ciphertext) 232 if err == nil { 233 t.Error("RSA decrypted a message that was too long.") 234 } 235 } 236 237 func TestUnpaddedSignature(t *testing.T) { 238 msg := []byte("Thu Dec 19 18:06:16 EST 2013\n") 239 // This base64 value was generated with: 240 // % echo Thu Dec 19 18:06:16 EST 2013 > /tmp/msg 241 // % openssl rsautl -sign -inkey key -out /tmp/sig -in /tmp/msg 242 // 243 // Where "key" contains the RSA private key given at the bottom of this 244 // file. 245 expectedSig := decodeBase64("pX4DR8azytjdQ1rtUiC040FjkepuQut5q2ZFX1pTjBrOVKNjgsCDyiJDGZTCNoh9qpXYbhl7iEym30BWWwuiZg==") 246 247 sig, err := SignPKCS1v15(nil, rsaPrivateKey, crypto.Hash(0), msg) 248 if err != nil { 249 t.Fatalf("SignPKCS1v15 failed: %s", err) 250 } 251 if !bytes.Equal(sig, expectedSig) { 252 t.Fatalf("signature is not expected value: got %x, want %x", sig, expectedSig) 253 } 254 if err := VerifyPKCS1v15(&rsaPrivateKey.PublicKey, crypto.Hash(0), msg, sig); err != nil { 255 t.Fatalf("signature failed to verify: %s", err) 256 } 257 } 258 259 func TestShortSessionKey(t *testing.T) { 260 // This tests that attempting to decrypt a session key where the 261 // ciphertext is too small doesn't run outside the array bounds. 262 ciphertext, err := EncryptPKCS1v15(rand.Reader, &rsaPrivateKey.PublicKey, []byte{1}) 263 if err != nil { 264 t.Fatalf("Failed to encrypt short message: %s", err) 265 } 266 267 var key [32]byte 268 if err := DecryptPKCS1v15SessionKey(nil, rsaPrivateKey, ciphertext, key[:]); err != nil { 269 t.Fatalf("Failed to decrypt short message: %s", err) 270 } 271 272 for _, v := range key { 273 if v != 0 { 274 t.Fatal("key was modified when ciphertext was invalid") 275 } 276 } 277 } 278 279 // In order to generate new test vectors you'll need the PEM form of this key (and s/TESTING/PRIVATE/): 280 // -----BEGIN RSA TESTING KEY----- 281 // MIIBOgIBAAJBALKZD0nEffqM1ACuak0bijtqE2QrI/KLADv7l3kK3ppMyCuLKoF0 282 // fd7Ai2KW5ToIwzFofvJcS/STa6HA5gQenRUCAwEAAQJBAIq9amn00aS0h/CrjXqu 283 // /ThglAXJmZhOMPVn4eiu7/ROixi9sex436MaVeMqSNf7Ex9a8fRNfWss7Sqd9eWu 284 // RTUCIQDasvGASLqmjeffBNLTXV2A5g4t+kLVCpsEIZAycV5GswIhANEPLmax0ME/ 285 // EO+ZJ79TJKN5yiGBRsv5yvx5UiHxajEXAiAhAol5N4EUyq6I9w1rYdhPMGpLfk7A 286 // IU2snfRJ6Nq2CQIgFrPsWRCkV+gOYcajD17rEqmuLrdIRexpg8N1DOSXoJ8CIGlS 287 // tAboUGBxTDq3ZroNism3DaMIbKPyYrAqhKov1h5V 288 // -----END RSA TESTING KEY----- 289 290 var rsaPrivateKey = &PrivateKey{ 291 PublicKey: PublicKey{ 292 N: fromBase10("9353930466774385905609975137998169297361893554149986716853295022578535724979677252958524466350471210367835187480748268864277464700638583474144061408845077"), 293 E: 65537, 294 }, 295 D: fromBase10("7266398431328116344057699379749222532279343923819063639497049039389899328538543087657733766554155839834519529439851673014800261285757759040931985506583861"), 296 Primes: []*big.Int{ 297 fromBase10("98920366548084643601728869055592650835572950932266967461790948584315647051443"), 298 fromBase10("94560208308847015747498523884063394671606671904944666360068158221458669711639"), 299 }, 300 } 301 302 func TestShortPKCS1v15Signature(t *testing.T) { 303 pub := &PublicKey{ 304 E: 65537, 305 N: fromBase10("8272693557323587081220342447407965471608219912416565371060697606400726784709760494166080686904546560026343451112103559482851304715739629410219358933351333"), 306 } 307 sig, err := hex.DecodeString("193a310d0dcf64094c6e3a00c8219b80ded70535473acff72c08e1222974bb24a93a535b1dc4c59fc0e65775df7ba2007dd20e9193f4c4025a18a7070aee93") 308 if err != nil { 309 t.Fatalf("failed to decode signature: %s", err) 310 } 311 312 h := sha256.Sum256([]byte("hello")) 313 err = VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) 314 if err == nil { 315 t.Fatal("VerifyPKCS1v15 accepted a truncated signature") 316 } 317 }