Source file
src/crypto/rsa/rsa_test.go
5 package rsa_test
6
7 import (
8 "bufio"
9 "bytes"
10 "crypto"
11 "crypto/internal/boring"
12 "crypto/internal/cryptotest"
13 "crypto/rand"
14 . "crypto/rsa"
15 "crypto/sha1"
16 "crypto/sha256"
17 "crypto/sha512"
18 "crypto/x509"
19 "encoding/pem"
20 "flag"
21 "fmt"
22 "math/big"
23 "strings"
24 "testing"
25 )
26
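// TestKeyGeneration generates keys at several modulus sizes and runs the
// basic sanity checks on each of them.
//
// For sizes below 1024 bits it first asserts that GenerateKey refuses the
// request under the default settings, and only then opts out of the minimum
// with GODEBUG=rsa1024min=0 so that the small key can still be exercised.
// Keys that small are test fixtures only.
func TestKeyGeneration(t *testing.T) {
	sizes := []int{128, 512, 1024, 2048, 3072, 4096}
	if testing.Short() {
		// Short mode keeps only the first two (sub-1024-bit) sizes.
		sizes = sizes[:2]
	}
	for _, size := range sizes {
		t.Run(fmt.Sprintf("%d", size), func(t *testing.T) {
			if size < 1024 {
				// The default policy must reject this size before the
				// override is switched on.
				_, err := GenerateKey(rand.Reader, size)
				if err == nil {
					t.Errorf("GenerateKey(%d) succeeded without GODEBUG", size)
				}
				t.Setenv("GODEBUG", "rsa1024min=0")
			}
			priv, err := GenerateKey(rand.Reader, size)
			if err != nil {
				// Fatal rather than Error: the checks below dereference
				// priv, which is not usable after a failed generation.
				t.Fatalf("GenerateKey(%d): %v", size, err)
			}
			if bits := priv.N.BitLen(); bits != size {
				t.Errorf("key too short (%d vs %d)", bits, size)
			}
			testKeyBasics(t, priv)
		})
	}
}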
52
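// Test3PrimeKeyGeneration generates a three-prime key and runs the basic
// sanity checks on it. In short mode it uses a 256-bit modulus, which needs
// GODEBUG=rsa1024min=0; otherwise the modulus is 1024 bits.
func Test3PrimeKeyGeneration(t *testing.T) {
	size := 1024
	if testing.Short() {
		t.Setenv("GODEBUG", "rsa1024min=0")
		size = 256
	}

	priv, err := GenerateMultiPrimeKey(rand.Reader, 3, size)
	if err != nil {
		// Stop here and report the cause: testKeyBasics dereferences priv,
		// which is not usable after a failed generation.
		t.Fatalf("GenerateMultiPrimeKey(3, %d): %v", size, err)
	}
	testKeyBasics(t, priv)
}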
66
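// Test4PrimeKeyGeneration generates a four-prime key and runs the basic
// sanity checks on it. In short mode it uses a 256-bit modulus, which needs
// GODEBUG=rsa1024min=0; otherwise the modulus is 1024 bits.
func Test4PrimeKeyGeneration(t *testing.T) {
	size := 1024
	if testing.Short() {
		t.Setenv("GODEBUG", "rsa1024min=0")
		size = 256
	}

	priv, err := GenerateMultiPrimeKey(rand.Reader, 4, size)
	if err != nil {
		// Stop here and report the cause: testKeyBasics dereferences priv,
		// which is not usable after a failed generation.
		t.Fatalf("GenerateMultiPrimeKey(4, %d): %v", size, err)
	}
	testKeyBasics(t, priv)
}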
80
// TestNPrimeKeyGeneration generates multi-prime keys with 5 up to (but not
// including) maxN primes and runs the basic sanity checks on each. The
// modulus size grows with the prime count as 64 + n*primeSize bits, so the
// minimum-size policy is relaxed with GODEBUG=rsa1024min=0 for the whole test.
func TestNPrimeKeyGeneration(t *testing.T) {
	t.Setenv("GODEBUG", "rsa1024min=0")

	bitsPerPrime, limit := 64, 24
	if testing.Short() {
		bitsPerPrime, limit = 16, 16
	}

	for nprimes := 5; nprimes < limit; nprimes++ {
		key, err := GenerateMultiPrimeKey(rand.Reader, nprimes, 64+nprimes*bitsPerPrime)
		if err != nil {
			t.Errorf("failed to generate %d-prime key", nprimes)
			continue
		}
		testKeyBasics(t, key)
	}
}
99
// TestImpossibleKeyGeneration asks for keys of 0 to 31 bits with two, three,
// four and five primes. Every result and error is discarded on purpose: the
// test passes as long as each call returns instead of panicking or never
// terminating.
func TestImpossibleKeyGeneration(t *testing.T) {
	t.Setenv("GODEBUG", "rsa1024min=0")

	multiPrimeCounts := []int{3, 4, 5}
	for bits := 0; bits < 32; bits++ {
		GenerateKey(rand.Reader, bits)
		for _, nprimes := range multiPrimeCounts {
			GenerateMultiPrimeKey(rand.Reader, nprimes, bits)
		}
	}
}
111
// TestTinyKeyGeneration generates 10000 32-bit keys and requires every one
// of them to be produced without error and to pass Validate. It is skipped
// in short mode and needs GODEBUG=rsa1024min=0 because of the key size.
func TestTinyKeyGeneration(t *testing.T) {
	if testing.Short() {
		t.Skip("skipping in short mode")
	}
	t.Setenv("GODEBUG", "rsa1024min=0")

	const rounds = 10000
	for i := 0; i < rounds; i++ {
		key, genErr := GenerateKey(rand.Reader, 32)
		if genErr != nil {
			t.Fatalf("GenerateKey(32): %v", genErr)
		}
		valErr := key.Validate()
		if valErr != nil {
			t.Fatalf("Validate(32): %v", valErr)
		}
	}
}
128
// TestGnuTLSKey parses a small embedded key and runs the basic sanity checks
// on it. Judging by the test name the key was produced by GnuTLS; the
// property that makes it interesting is not recorded in this function.
// The key is far below 1024 bits, hence GODEBUG=rsa1024min=0.
func TestGnuTLSKey(t *testing.T) {
	t.Setenv("GODEBUG", "rsa1024min=0")

	// The PEM label carries the TESTING KEY placeholder that testingKey
	// rewrites before parsing; this is a public test fixture, not a secret.
	const fixturePEM = `-----BEGIN RSA TESTING KEY-----
MGECAQACEQDar8EuoZuSosYtE9SeXSyPAgMBAAECEBf7XDET8e6jjTcfO7y/sykC
CQDozXjCjkBzLQIJAPB6MqNbZaQrAghbZTdQoko5LQIIUp9ZiKDdYjMCCCCpqzmX
d8Y7
-----END RSA TESTING KEY-----`

	key := parseKey(testingKey(fixturePEM))
	testKeyBasics(t, key)
}
141
// testKeyBasics runs the sanity checks shared by the key tests: the key must
// pass Validate, D must not exceed N, and a short message must survive a
// PKCS #1 v1.5 encrypt/decrypt round trip.
func testKeyBasics(t *testing.T, priv *PrivateKey) {
	if verr := priv.Validate(); verr != nil {
		t.Errorf("Validate() failed: %s", verr)
	}
	if priv.D.Cmp(priv.N) > 0 {
		t.Errorf("private exponent too large")
	}

	plaintext := []byte("hi!")
	ciphertext, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, plaintext)
	if err != nil {
		t.Errorf("EncryptPKCS1v15: %v", err)
		return
	}

	recovered, err := DecryptPKCS1v15(nil, priv, ciphertext)
	switch {
	case err != nil:
		t.Errorf("DecryptPKCS1v15: %v", err)
	case !bytes.Equal(recovered, plaintext):
		// The failure message dumps the whole private key (%+v). That is
		// acceptable only because every key reaching this helper is a
		// throwaway or a public test fixture.
		t.Errorf("got:%x want:%x (%+v)", recovered, plaintext, priv)
	}
}
166
// TestAllocations bounds the number of heap allocations of one PKCS #1 v1.5
// decryption with the 2048-bit test key. The average over 100 runs must not
// exceed 10.
func TestAllocations(t *testing.T) {
	// Presumably skips on configurations where allocation counts are not
	// meaningful; the helper is defined outside this file.
	cryptotest.SkipTestAllocations(t)

	plaintext := []byte("Hello Gophers")
	ciphertext, err := EncryptPKCS1v15(rand.Reader, &test2048Key.PublicKey, plaintext)
	if err != nil {
		t.Fatal(err)
	}

	decryptOnce := func() {
		got, err := DecryptPKCS1v15(nil, test2048Key, ciphertext)
		if err != nil {
			t.Fatal(err)
		}
		if !bytes.Equal(got, plaintext) {
			t.Fatalf("unexpected output: %q", got)
		}
	}

	// The bound is inclusive: exactly 10 allocations still passes.
	allocs := testing.AllocsPerRun(100, decryptOnce)
	if allocs > 10 {
		t.Errorf("expected less than 10 allocations, got %0.1f", allocs)
	}
}
188
// allFlag is the -all command-line flag. When set, TestEverything raises its
// upper key-size bound from 560 to 2048 bits.
var allFlag = flag.Bool("all", false, "test all key sizes up to 2048")
190
// TestEverything runs testEverything as parallel subtests, one per key.
//
// In short mode only the embedded 1024- and 2048-bit fixtures are used.
// Otherwise a fresh key is generated for every size from 32 bits up to 560
// bits (2048 with -all); those sizes include sub-1024-bit keys, so the
// minimum-size policy is relaxed with GODEBUG=rsa1024min=0.
func TestEverything(t *testing.T) {
	if testing.Short() {
		fixtures := []*PrivateKey{test1024Key, test2048Key}
		for _, key := range fixtures {
			name := fmt.Sprintf("%d", key.N.BitLen())
			t.Run(name, func(t *testing.T) {
				t.Parallel()
				testEverything(t, key)
			})
		}
		return
	}

	t.Setenv("GODEBUG", "rsa1024min=0")
	smallest, largest := 32, 560
	if *allFlag {
		largest = 2048
	}
	for bits := smallest; bits <= largest; bits++ {
		// Per-subtest copy captured by the parallel closure below.
		size := bits
		t.Run(fmt.Sprintf("%d", size), func(t *testing.T) {
			t.Parallel()
			key, err := GenerateKey(rand.Reader, size)
			if err != nil {
				t.Fatalf("GenerateKey(%d): %v", size, err)
			}
			if got := key.N.BitLen(); got != size {
				t.Errorf("key too short (%d vs %d)", got, size)
			}
			testEverything(t, key)
		})
	}
}
224
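// testEverything exercises priv through every operation this file covers:
// validation, PKCS #1 v1.5 and OAEP encryption round trips, PKCS #1 v1.5 and
// PSS signatures (including rejection of tampered signatures and digests),
// rejection of oversized inputs, and PKCS #8 / PKIX serialization round
// trips.
//
// An operation that fails with ErrMessageTooLong is logged and skipped,
// because TestEverything also feeds in keys that are too small for some
// schemes. Failure messages may print the whole private key (%+v); that is
// acceptable only because the keys here are throwaway or public fixtures.
func testEverything(t *testing.T, priv *PrivateKey) {
	if err := priv.Validate(); err != nil {
		t.Errorf("Validate() failed: %s", err)
	}

	// PKCS #1 v1.5 encryption round trip, plus the session-key variant.
	msg := []byte("test")
	enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg)
	if err == ErrMessageTooLong {
		t.Log("key too small for EncryptPKCS1v15")
	} else if err != nil {
		t.Errorf("EncryptPKCS1v15: %v", err)
	}
	if err == nil {
		dec, err := DecryptPKCS1v15(nil, priv, enc)
		if err != nil {
			t.Errorf("DecryptPKCS1v15: %v", err)
		}
		err = DecryptPKCS1v15SessionKey(nil, priv, enc, make([]byte, 4))
		if err != nil {
			t.Errorf("DecryptPKCS1v15SessionKey: %v", err)
		}
		if !bytes.Equal(dec, msg) {
			t.Errorf("got:%x want:%x (%+v)", dec, msg, priv)
		}
	}

	// OAEP round trip with SHA-256 and a non-empty label.
	label := []byte("label")
	enc, err = EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, msg, label)
	if err == ErrMessageTooLong {
		t.Log("key too small for EncryptOAEP")
	} else if err != nil {
		t.Errorf("EncryptOAEP: %v", err)
	}
	if err == nil {
		dec, err := DecryptOAEP(sha256.New(), nil, priv, enc, label)
		if err != nil {
			t.Errorf("DecryptOAEP: %v", err)
		}
		if !bytes.Equal(dec, msg) {
			t.Errorf("got:%x want:%x (%+v)", dec, msg, priv)
		}
	}

	// Signing the raw message instead of its digest must be refused.
	const hashMsg = "crypto/rsa: input must be hashed message"
	sig, err := SignPKCS1v15(nil, priv, crypto.SHA256, msg)
	if err == nil || err.Error() != hashMsg {
		t.Errorf("SignPKCS1v15 with bad hash: err = %q, want %q", err, hashMsg)
	}

	// PKCS #1 v1.5 signature: verify, then flip one bit of the signature
	// and of the digest in turn (restoring it each time) and require
	// verification to fail.
	hash := sha256.Sum256(msg)
	sig, err = SignPKCS1v15(nil, priv, crypto.SHA256, hash[:])
	if err == ErrMessageTooLong {
		t.Log("key too small for SignPKCS1v15")
	} else if err != nil {
		t.Errorf("SignPKCS1v15: %v", err)
	}
	if err == nil {
		err = VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, hash[:], sig)
		if err != nil {
			t.Errorf("VerifyPKCS1v15: %v", err)
		}
		sig[1] ^= 0x80
		err = VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, hash[:], sig)
		if err == nil {
			t.Errorf("VerifyPKCS1v15 success for tampered signature")
		}
		sig[1] ^= 0x80
		hash[1] ^= 0x80
		err = VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, hash[:], sig)
		if err == nil {
			t.Errorf("VerifyPKCS1v15 success for tampered message")
		}
		hash[1] ^= 0x80
	}

	// PSS with automatic salt length, same tamper checks.
	opts := &PSSOptions{SaltLength: PSSSaltLengthAuto}
	sig, err = SignPSS(rand.Reader, priv, crypto.SHA256, hash[:], opts)
	if err == ErrMessageTooLong {
		t.Log("key too small for SignPSS with PSSSaltLengthAuto")
	} else if err != nil {
		t.Errorf("SignPSS: %v", err)
	}
	if err == nil {
		err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], sig, opts)
		if err != nil {
			t.Errorf("VerifyPSS: %v", err)
		}
		sig[1] ^= 0x80
		err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], sig, opts)
		if err == nil {
			t.Errorf("VerifyPSS success for tampered signature")
		}
		sig[1] ^= 0x80
		hash[1] ^= 0x80
		err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], sig, opts)
		if err == nil {
			t.Errorf("VerifyPSS success for tampered message")
		}
		hash[1] ^= 0x80
	}

	// PSS with the salt length equal to the hash length, same tamper checks.
	opts.SaltLength = PSSSaltLengthEqualsHash
	sig, err = SignPSS(rand.Reader, priv, crypto.SHA256, hash[:], opts)
	if err == ErrMessageTooLong {
		t.Log("key too small for SignPSS with PSSSaltLengthEqualsHash")
	} else if err != nil {
		t.Errorf("SignPSS: %v", err)
	}
	if err == nil {
		err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], sig, opts)
		if err != nil {
			t.Errorf("VerifyPSS: %v", err)
		}
		sig[1] ^= 0x80
		err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], sig, opts)
		if err == nil {
			t.Errorf("VerifyPSS success for tampered signature")
		}
		sig[1] ^= 0x80
		hash[1] ^= 0x80
		err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], sig, opts)
		if err == nil {
			t.Errorf("VerifyPSS success for tampered message")
		}
		hash[1] ^= 0x80
	}

	// Out-of-range inputs must be rejected. An all-0xff value as long as
	// the modulus is numerically at least N ("large"); appending one more
	// byte makes the input longer than the modulus ("long").
	c := bytes.Repeat([]byte{0xff}, priv.Size())
	err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], c, opts)
	if err == nil {
		t.Errorf("VerifyPSS accepted a large signature")
	}
	_, err = DecryptPKCS1v15(nil, priv, c)
	if err == nil {
		t.Errorf("DecryptPKCS1v15 accepted a large ciphertext")
	}
	c = append(c, 0xff)
	err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], c, opts)
	if err == nil {
		t.Errorf("VerifyPSS accepted a long signature")
	}
	_, err = DecryptPKCS1v15(nil, priv, c)
	if err == nil {
		t.Errorf("DecryptPKCS1v15 accepted a long ciphertext")
	}

	// PKCS #8 round trip of the private key. The type assertion is checked
	// so that a failed or unexpected parse is reported as a test failure
	// instead of panicking.
	der, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		t.Errorf("MarshalPKCS8PrivateKey: %v", err)
	}
	key, err := x509.ParsePKCS8PrivateKey(der)
	if err != nil {
		t.Errorf("ParsePKCS8PrivateKey: %v", err)
	}
	if parsed, ok := key.(*PrivateKey); !ok || !parsed.Equal(priv) {
		t.Errorf("private key mismatch")
	}

	// PKIX round trip of the public key, with the same checked assertion.
	der, err = x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		t.Errorf("MarshalPKIXPublicKey: %v", err)
	}
	pub, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		t.Errorf("ParsePKIXPublicKey: %v", err)
	}
	if parsed, ok := pub.(*PublicKey); !ok || !parsed.Equal(&priv.PublicKey) {
		t.Errorf("public key mismatch")
	}
}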
397
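// TestKeyTooSmall checks that, under the default settings (GODEBUG is not
// touched here), every sign, verify, encrypt and decrypt entry point refuses
// the 512-bit fixture with an error whose text contains "insecure".
func TestKeyTooSmall(t *testing.T) {
	checkErr := func(err error) {
		t.Helper()
		if err == nil {
			t.Error("expected error")
			// Nothing more to inspect; calling err.Error() on a nil
			// error would panic.
			return
		}
		if !strings.Contains(err.Error(), "insecure") {
			t.Errorf("unexpected error: %v", err)
		}
	}
	// checkErr2 adapts checkErr to calls that also return a byte slice.
	checkErr2 := func(_ []byte, err error) {
		t.Helper()
		checkErr(err)
	}

	// A modulus-sized buffer stands in for digests, signatures and
	// ciphertexts alike.
	buf := make([]byte, 512/8)
	checkErr2(test512Key.Sign(rand.Reader, buf, crypto.SHA512))
	checkErr2(test512Key.Sign(rand.Reader, buf, &PSSOptions{SaltLength: PSSSaltLengthEqualsHash}))
	checkErr2(test512Key.Decrypt(rand.Reader, buf, &PKCS1v15DecryptOptions{}))
	checkErr2(test512Key.Decrypt(rand.Reader, buf, &OAEPOptions{Hash: crypto.SHA512}))
	checkErr(VerifyPKCS1v15(&test512Key.PublicKey, crypto.SHA512, buf, buf))
	checkErr(VerifyPSS(&test512Key.PublicKey, crypto.SHA512, buf, buf, &PSSOptions{SaltLength: PSSSaltLengthEqualsHash}))
	checkErr2(SignPKCS1v15(rand.Reader, test512Key, crypto.SHA512, buf))
	checkErr2(SignPSS(rand.Reader, test512Key, crypto.SHA512, buf, &PSSOptions{SaltLength: PSSSaltLengthEqualsHash}))
	checkErr2(EncryptPKCS1v15(rand.Reader, &test512Key.PublicKey, buf))
	checkErr2(EncryptOAEP(sha512.New(), rand.Reader, &test512Key.PublicKey, buf, nil))
	checkErr2(DecryptPKCS1v15(nil, test512Key, buf))
	checkErr2(DecryptOAEP(sha512.New(), nil, test512Key, buf, nil))
	checkErr(DecryptPKCS1v15SessionKey(nil, test512Key, buf, buf))
}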
428
// testingKey rewrites the "TESTING KEY" placeholder in an embedded PEM block
// to "PRIVATE KEY" so that the block parses as ordinary PEM.
//
// NOTE(review): the placeholder presumably keeps the literals in this file
// from matching private-key scanners. The keys are public test fixtures and
// must never be used outside tests.
func testingKey(s string) string {
	const (
		placeholder = "TESTING KEY"
		realLabel   = "PRIVATE KEY"
	)
	return strings.Replace(s, placeholder, realLabel, -1)
}
430
431 func parseKey(s string) *PrivateKey {
432 p, _ := pem.Decode([]byte(s))
433 if p.Type == "PRIVATE KEY" {
434 k, err := x509.ParsePKCS8PrivateKey(p.Bytes)
435 if err != nil {
436 panic(err)
437 }
438 return k.(*PrivateKey)
439 }
440 k, err := x509.ParsePKCS1PrivateKey(p.Bytes)
441 if err != nil {
442 panic(err)
443 }
444 return k
445 }
446
// rsaPrivateKey is a second name for the 1024-bit fixture test1024Key. It is
// not referenced in this part of the file; presumably other tests in the
// package use it.
var rsaPrivateKey = test1024Key
448
// test512Key is a fixed 512-bit RSA key used by TestKeyTooSmall. After
// testingKey rewrites the label it is an "RSA PRIVATE KEY" block, which
// parseKey reads as PKCS #1. It is a public test fixture, not a secret, and
// must never be used outside tests.
var test512Key = parseKey(testingKey(`-----BEGIN RSA TESTING KEY-----
MIIBOgIBAAJBALKZD0nEffqM1ACuak0bijtqE2QrI/KLADv7l3kK3ppMyCuLKoF0
fd7Ai2KW5ToIwzFofvJcS/STa6HA5gQenRUCAwEAAQJBAIq9amn00aS0h/CrjXqu
/ThglAXJmZhOMPVn4eiu7/ROixi9sex436MaVeMqSNf7Ex9a8fRNfWss7Sqd9eWu
RTUCIQDasvGASLqmjeffBNLTXV2A5g4t+kLVCpsEIZAycV5GswIhANEPLmax0ME/
EO+ZJ79TJKN5yiGBRsv5yvx5UiHxajEXAiAhAol5N4EUyq6I9w1rYdhPMGpLfk7A
IU2snfRJ6Nq2CQIgFrPsWRCkV+gOYcajD17rEqmuLrdIRexpg8N1DOSXoJ8CIGlS
tAboUGBxTDq3ZroNism3DaMIbKPyYrAqhKov1h5V
-----END RSA TESTING KEY-----`))
458
// test512KeyTwo is a second fixed RSA test key (512 bits, going by its
// name). After testingKey rewrites the opening label it is a "PRIVATE KEY"
// block, which parseKey reads as PKCS #8. Note that the closing label is
// already spelled "PRIVATE KEY" in the literal. It is a public test fixture,
// not a secret, and must never be used outside tests.
var test512KeyTwo = parseKey(testingKey(`-----BEGIN TESTING KEY-----
MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEA0wLCoguSfgskR8tY
Fh2AzXQzBpSEmPucxtVe93HzPdQpxvtSTvZe5kIsdvPc7QZ0dCc/qbnUBRbuGIAl
Ir0c9QIDAQABAkAzul+AXhnhcFXKi9ziPwVOWIgRuuLupe//BluriXG53BEBSVrV
Hr7qFqwnSLSLroMzqhZwoqyRgjsLYyGEHDGBAiEA8T0sDPuht3w2Qv61IAvBwjLH
H4HXjRUEWYRn1XjHqAUCIQDf7BYlANRqFfvg1YK3VCM4YyK2mH1UivDi8wdPlJRk
MQIhAMp5i2WCNeNpD6n/WkqBU6kJMXPSaPZy82mm5feYHgt5AiEAkg/QnhB9fjma
1BzRqD4Uv0pDMXIkhooe+Rrn0OwtI3ECIQDP6nxML3JOjbAS7ydFBv176uVsMJib
r4PZozCXKuuGNg==
-----END PRIVATE KEY-----`))
469
// test1024Key is a fixed 1024-bit RSA key, used by TestEverything in short
// mode. After testingKey rewrites the label it is an "RSA PRIVATE KEY"
// block, which parseKey reads as PKCS #1. It is a public test fixture, not a
// secret, and must never be used outside tests.
var test1024Key = parseKey(testingKey(`-----BEGIN RSA TESTING KEY-----
MIICXQIBAAKBgQCw0YNSqI9T1VFvRsIOejZ9feiKz1SgGfbe9Xq5tEzt2yJCsbyg
+xtcuCswNhdqY5A1ZN7G60HbL4/Hh/TlLhFJ4zNHVylz9mDDx3yp4IIcK2lb566d
fTD0B5EQ9Iqub4twLUdLKQCBfyhmJJvsEqKxm4J4QWgI+Brh/Pm3d4piPwIDAQAB
AoGASC6fj6TkLfMNdYHLQqG9kOlPfys4fstarpZD7X+fUBJ/H/7y5DzeZLGCYAIU
+QeAHWv6TfZIQjReW7Qy00RFJdgwFlTFRCsKXhG5x+IB+jL0Grr08KbgPPDgy4Jm
xirRHZVtU8lGbkiZX+omDIU28EHLNWL6rFEcTWao/tERspECQQDp2G5Nw0qYWn7H
Wm9Up1zkUTnkUkCzhqtxHbeRvNmHGKE7ryGMJEk2RmgHVstQpsvuFY4lIUSZEjAc
DUFJERhFAkEAwZH6O1ULORp8sHKDdidyleYcZU8L7y9Y3OXJYqELfddfBgFUZeVQ
duRmJj7ryu0g0uurOTE+i8VnMg/ostxiswJBAOc64Dd8uLJWKa6uug+XPr91oi0n
OFtM+xHrNK2jc+WmcSg3UJDnAI3uqMc5B+pERLq0Dc6hStehqHjUko3RnZECQEGZ
eRYWciE+Cre5dzfZkomeXE0xBrhecV0bOq6EKWLSVE+yr6mAl05ThRK9DCfPSOpy
F6rgN3QiyCA9J/1FluUCQQC5nX+PTU1FXx+6Ri2ZCi6EjEKMHr7gHcABhMinZYOt
N59pra9UdVQw9jxCU9G7eMyb0jJkNACAuEwakX3gi27b
-----END RSA TESTING KEY-----`))
485
// test2048KeyPEM is the PEM text of the 2048-bit fixture, already passed
// through testingKey so its label reads "PRIVATE KEY" (PKCS #8). It is kept
// as a string because BenchmarkParsePKCS8PrivateKey decodes it directly. It
// is a public test fixture, not a secret, and must never be used outside
// tests.
var test2048KeyPEM = testingKey(`-----BEGIN TESTING KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDNoyFUYeDuqw+k
iyv47iBy/udbWmQdpbUZ8JobHv8uQrvL7sQN6l83teHgNJsXqtiLF3MC+K+XI6Dq
hxUWfQwLip8WEnv7Jx/+53S8yp/CS4Jw86Q1bQHbZjFDpcoqSuwAxlegw18HNZCY
fpipYnA1lYCm+MTjtgXJQbjA0dwUGCf4BDMqt+76Jk3XZF5975rftbkGoT9eu8Jt
Xs5F5Xkwd8q3fkQz+fpLW4u9jrfFyQ61RRFkYrCjlhtGjYIzBHGgQM4n/sNXhiy5
h0tA7Xa6NyYrN/OXe/Y1K8Rz/tzlvbMoxgZgtBuKo1N3m8ckFi7hUVK2eNv7GoAb
teTTPrg/AgMBAAECggEAAnfsVpmsL3R0Bh4gXRpPeM63H6e1a8B8kyVwiO9o0cXX
gKp9+P39izfB0Kt6lyCj/Wg+wOQT7rg5qy1yIw7fBHGmcjquxh3uN0s3YZ+Vcym6
SAY5f0vh/OyJN9r3Uv8+Pc4jtb7So7QDzdWeZurssBmUB0avAMRdGNFGP5SyILcz
l3Q59hTxQ4czRHKjZ06L1/sA+tFVbO1j39FN8nMOU/ovLF4lAmZTkQ6AP6n6XPHP
B8Nq7jSYz6RDO200jzp6UsdrnjjkJRbzOxN/fn+ckCP+WYuq+y/d05ET9PdVa4qI
Jyr80D9QgHmfztcecvYwoskGnkb2F4Tmp0WnAj/xVQKBgQD4TrMLyyHdbAr5hoSi
p+r7qBQxnHxPe2FKO7aqagi4iPEHauEDgwPIcsOYota1ACiSs3BaESdJAClbqPYd
HDI4c2DZ6opux6WYkSju+tVXYW6qarR3fzrP3fUCdz2c2NfruWOqq8YmjzAhTNPm
YzvtzTdwheNYV0Vi71t1SfZmfQKBgQDUAgSUcrgXdGDnSbaNe6KwjY5oZWOQfZe2
DUhqfN/JRFZj+EMfIIh6OQXnZqkp0FeRdfRAFl8Yz8ESHEs4j+TikLJEeOdfmYLS
TWxlMPDTUGbUvSf4g358NJ8TlfYA7dYpSTNPXMRSLtsz1palmaDBTE/V2xKtTH6p
VglRNRUKawKBgCPqBh2TkN9czC2RFkgMb4FcqycN0jEQ0F6TSnVVhtNiAzKmc8s1
POvWJZJDIzjkv/mP+JUeXAdD/bdjNc26EU126rA6KzGgsMPjYv9FymusDPybGGUc
Qt5j5RcpNgEkn/5ZPyAlXjCfjz+RxChTfAyGHRmqU9qoLMIFir3pJ7llAoGBAMNH
sIxENwlzqyafoUUlEq/pU7kZWuJmrO2FwqRDraYoCiM/NCRhxRQ/ng6NY1gejepw
abD2alXiV4alBSxubne6rFmhvA00y2mG40c6Ezmxn2ZpbX3dMQ6bMcPKp7QnXtLc
mCSL4FGK02ImUNDsd0RVVFw51DRId4rmsuJYMK9NAoGAKlYdc4784ixTD2ZICIOC
ZWPxPAyQUEA7EkuUhAX1bVNG6UJTYA8kmGcUCG4jPTgWzi00IyUUr8jK7efyU/zs
qiJuVs1bia+flYIQpysMl1VzZh8gW1nkB4SVPm5l2wBvVJDIr9Mc6rueC/oVNkh2
fLVGuFoTVIu2bF0cWAjNNMg=
-----END TESTING KEY-----`)
514
// test2048Key is the parsed form of test2048KeyPEM, shared by
// TestAllocations, TestEverything and the 2048-bit benchmarks.
var test2048Key = parseKey(test2048KeyPEM)
516
// test3072Key is a fixed 3072-bit RSA key, used by the "3072" decryption
// benchmark. After testingKey rewrites the label it is a "PRIVATE KEY"
// block, which parseKey reads as PKCS #8. It is a public test fixture, not a
// secret, and must never be used outside tests.
var test3072Key = parseKey(testingKey(`-----BEGIN TESTING KEY-----
MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDJrvevql7G07LM
xQAwAA1Oo8qUAkWfmpgrpxIUZE1QTyMCDaspQJGBBR2+iStrzi2NnWvyBz3jJWFZ
LepnsMUFSXj5Ez6bEt2x9YbLAAVGhI6USrGAKqRdJ77+F7yIVCJWcV4vtTyN86IO
UaHObwCR8GX7MUwJiRxDUZtYxJcwTMHSs4OWxNnqc+A8yRKn85CsCx0X9I1DULq+
5BL8gF3MUXvb2zYzIOGI1s3lXOo9tHVcRVB1eV7dZHDyYGxZ4Exj9eKhiOL52hE6
ZPTWCCKbQnyBV3HYe+t8DscOG/IzaAzLrx1s6xnqKEe5lUQ03Ty9QN3tpqqLsC4b
CUkdk6Ma43KXGkCmoPaGCkssSc9qOrwHrqoMkOnZDWOJ5mKHhINKWV/U7p54T7tx
FWI3PFvvYevoPf7cQdJcChbIBvQ+LEuVZvmljhONUjIGKBaqBz5Sjv7Fd5BNnBGz
8NwH6tYdT9kdTkCZdfrazbuhLxN0mhhXp2sePRV2KZsB7i7cUJMCAwEAAQKCAYAT
fqunbxmehhu237tUaHTg1e6WHvVu54kaUxm+ydvlTY5N5ldV801Sl4AtXjdJwjy0
qcj430qpTarawsLxMezhcB2BlKLNEjucC5EeHIrmAEMt7LMP90868prAweJHRTv/
zLvfcwPURClf0Uk0L0Dyr7Y+hnXZ8scTb2x2M06FQdjMY+4Yy+oKgm05mEVgNv1p
e+DcjhbSMRf+rVoeeSQCmhprATCnLDWmE1QEqIC7OoR2SPxC1rAHnhatfwo00nwz
rciN5YSOqoGa1WMNv6ut0HJWZnu5nR1OuZpaf+zrxlthMxPwhhPq0211J4fZviTO
WLnubXD3/G9TN1TszeFuO7Ty8HYYkTJ3RLRrTRrfwhOtOJ4tkuwSJol3QIs1asab
wYabuqyTv4+6JeoMBSLnMoA8rXSW9ti4gvJ1h8xMqmMF6e91Z0Fn7fvP5MCn/t8H
8cIPhYLOhdPH5JMqxozb/a1s+JKvRTLnAXxNjlmyXzNvC+3Ixp4q9O8dWJ8Gt+EC
gcEA+12m6iMXU3tBw1cYDcs/Jc0hOVgMAMgtnWZ4+p8RSucO/74bq82kdyAOJxao
spAcK03NnpRBDcYsSyuQrE6AXQYel1Gj98mMtOirwt2T9vH5fHT6oKsqEu03hYIB
5cggeie4wqKAOb9tVdShJk7YBJUgIXnAcqqmkD4oeUGzUV0QseQtspEHUJSqBQ9n
yR4DmyMECgLm47S9LwPMtgRh9ADLBaZeuIRdBEKCDPgNkdya/dLb8u8kE8Ox3T3R
+r2hAoHBAM1m1ZNqP9bEa74jZkpMxDN+vUdN7rZcxcpHu1nyii8OzXEopB+jByFA
lmMqnKt8z5DRD0dmHXzOggnKJGO2j63/XFaVmsaXcM2B8wlRCqwm4mBE/bYCEKJl
xqkDveICzwb1paWSgmFkjc6DN2g1jUd3ptOORuU38onrSphPHFxgyNlNTcOcXvxb
GW4R8iPinvpkY3shluWqRQTvai1+gNQlmKMdqXvreUjKqJFCOhoRUVG/MDv8IdP2
tXq43+UZswKBwQDSErOzi74r25/bVAdbR9gvjF7O4OGvKZzNpd1HfvbhxXcIjuXr
UEK5+AU777ju+ndATZahiD9R9qP/8pnHFxg6JiocxnMlW8EHVEhv4+SMBjA+Ljlj
W4kfJjc3ka5qTjWuQVIs/8fv+yayC7DeJhhsxACFWY5Xhn0LoZcLt7fYMNIKCauT
R5d4ZbYt4nEXaMkUt0/h2gkCloNhLmjAWatPU/ZYc3FH/f8K11Z+5jPZCihSJw4A
2pEpH2yffNHnHuECgcEAmxIWEHNYuwYT6brEETgfsFjxAZI+tIMZ+HtrYJ8R4DEm
vVXXguMMEPi4ESosmfNiqYyMInVfscgeuNFZ48YCd3Sg++V6so/G5ABFwjTi/9Fj
exbbDLxGXrTD5PokMyu3rSNr6bLQqELIJK8/93bmsJwO4Q07TPaOL73p1U90s/GF
8TjBivrVY2RLsKPv0VPYfmWoDV/wkneYH/+4g5xMGt4/fHZ6bEn8iQ4ncXM0dlW4
tSTIf6D80RAjNwG4VzitAoHAA8GLh22w+Cx8RPsj6xdrUiVFE+nNMMgeY8Mdjsrq
Fh4jJb+4zwSML9R6iJu/LH5B7Fre2Te8QrYP+k/jIHPYJtGesVt/WlAtpDCNsC3j
8CBzxwL6zkN+46pph35jPKUSaQQ2r8euNMp/sirkYcP8PpbdtifXCjN08QQIKsqj
17IGHe9jZX/EVnSshCkXOBHG31buV10k5GSkeKcoDrkpp25wQ6FjW9L3Q68y6Y8r
8h02sdAMB9Yc2A4EgzOySWoD
-----END TESTING KEY-----`))
557
// test4096Key is a fixed 4096-bit RSA key, used by the "4096" decryption
// benchmark. After testingKey rewrites the label it is a "PRIVATE KEY"
// block, which parseKey reads as PKCS #8. It is a public test fixture, not a
// secret, and must never be used outside tests.
var test4096Key = parseKey(testingKey(`-----BEGIN TESTING KEY-----
MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCmH55T2e8fdUaL
iWVL2yI7d/wOu/sxI4nVGoiRMiSMlMZlOEZ4oJY6l2y9N/b8ftwoIpjYO8CBk5au
x2Odgpuz+FJyHppvKakUIeAn4940zoNkRe/iptybIuH5tCBygjs0y1617TlR/c5+
FF5YRkzsEJrGcLqXzj0hDyrwdplBOv1xz2oHYlvKWWcVMR/qgwoRuj65Ef262t/Q
ELH3+fFLzIIstFTk2co2WaALquOsOB6xGOJSAAr8cIAWe+3MqWM8DOcgBuhABA42
9IhbBBw0uqTXUv/TGi6tcF29H2buSxAx/Wm6h2PstLd6IJAbWHAa6oTz87H0S6XZ
v42cYoFhHma1OJw4id1oOZMFDTPDbHxgUnr2puSU+Fpxrj9+FWwViKE4j0YatbG9
cNVpx9xo4NdvOkejWUrqziRorMZTk/zWKz0AkGQzTN3PrX0yy61BoWfznH/NXZ+o
j3PqVtkUs6schoIYvrUcdhTCrlLwGSHhU1VKNGAUlLbNrIYTQNgt2gqvjLEsn4/i
PgS1IsuDHIc7nGjzvKcuR0UeYCDkmBQqKrdhGbdJ1BRohzLdm+woRpjrqmUCbMa5
VWWldJen0YyAlxNILvXMD117azeduseM1sZeGA9L8MmE12auzNbKr371xzgANSXn
jRuyrblAZKc10kYStrcEmJdfNlzYAwIDAQABAoICABdQBpsD0W/buFuqm2GKzgIE
c4Xp0XVy5EvYnmOp4sEru6/GtvUErDBqwaLIMMv8TY8AU+y8beaBPLsoVg1rn8gg
yAklzExfT0/49QkEDFHizUOMIP7wpbLLsWSmZ4tKRV7CT3c+ZDXiZVECML84lmDm
b6H7feQB2EhEZaU7L4Sc76ZCEkIZBoKeCz5JF46EdyxHs7erE61eO9xqC1+eXsNh
Xr9BS0yWV69K4o/gmnS3p2747AHP6brFWuRM3fFDsB5kPScccQlSyF/j7yK+r+qi
arGg/y+z0+sZAr6gooQ8Wnh5dJXtnBNCxSDJYw/DWHAeiyvk/gsndo3ZONlCZZ9u
bpwBYx3hA2wTa5GUQxFM0KlI7Ftr9Cescf2jN6Ia48C6FcQsepMzD3jaMkLir8Jk
/YD/s5KPzNvwPAyLnf7x574JeWuuxTIPx6b/fHVtboDK6j6XQnzrN2Hy3ngvlEFo
zuGYVvtrz5pJXWGVSjZWG1kc9iXCdHKpmFdPj7XhU0gugTzQ/e5uRIqdOqfNLI37
fppSuWkWd5uaAg0Zuhd+2L4LG2GhVdfFa1UeHBe/ncFKz1km9Bmjvt04TpxlRnVG
wHxJZKlxpxCZ3AuLNUMP/QazPXO8OIfGOCbwkgFiqRY32mKDUvmEADBBoYpk/wBv
qV99g5gvYFC5Le4QLzOJAoIBAQDcnqnK2tgkISJhsLs2Oj8vEcT7dU9vVnPSxTcC
M0F+8ITukn33K0biUlA+ktcQaF+eeLjfbjkn/H0f2Ajn++ldT56MgAFutZkYvwxJ
2A6PVB3jesauSpe8aqoKMDIj8HSA3+AwH+yU+yA9r5EdUq1S6PscP+5Wj22+thAa
l65CFD77C0RX0lly5zdjQo3Vyca2HYGm/cshFCPRZc66TPjNAHFthbqktKjMQ91H
Hg+Gun2zv8KqeSzMDeHnef4rVaWMIyIBzpu3QdkKPUXMQQxvJ+RW7+MORV9VjE7Z
KVnHa/6x9n+jvtQ0ydHc2n0NOp6BQghTCB2G3w3JJfmPcRSNAoIBAQDAw6mPddoz
UUzANMOYcFtos4EaWfTQE2okSLVAmLY2gtAK6ldTv6X9xl0IiC/DmWqiNZJ/WmVI
glkp6iZhxBSmqov0X9P0M+jdz7CRnbZDFhQWPxSPicurYuPKs52IC08HgIrwErzT
/lh+qRXEqzT8rTdftywj5fE89w52NPHBsMS07VhFsJtU4aY2Yl8y1PHeumXU6h66
yTvoCLLxJPiLIg9PgvbMF+RiYyomIg75gwfx4zWvIvWdXifQBC88fE7lP2u5gtWL
JUJaMy6LNKHn8YezvwQp0dRecvvoqzoApOuHfsPASHb9cfvcy/BxDXFMJO4QWCi1
6WLaR835nKLPAoIBAFw7IHSjxNRl3b/FaJ6k/yEoZpdRVaIQHF+y/uo2j10IJCqw
p2SbfQjErLNcI/jCCadwhKkzpUVoMs8LO73v/IF79aZ7JR4pYRWNWQ/N+VhGLDCb
dVAL8x9b4DZeK7gGoE34SfsUfY1S5wmiyiHeHIOazs/ikjsxvwmJh3X2j20klafR
8AJe9/InY2plunHz5tTfxQIQ+8iaaNbzntcXsrPRSZol2/9bX231uR4wHQGQGVj6
A+HMwsOT0is5Pt7S8WCCl4b13vdf2eKD9xgK4a3emYEWzG985PwYqiXzOYs7RMEV
cgr8ji57aPbRiJHtPbJ/7ob3z5BA07yR2aDz/0kCggEAZDyajHYNLAhHr98AIuGy
NsS5CpnietzNoeaJEfkXL0tgoXxwQqVyzH7827XtmHnLgGP5NO4tosHdWbVflhEf
Z/dhZYb7MY5YthcMyvvGziXJ9jOBHo7Z8Nowd7Rk41x2EQGfve0QcfBd1idYoXch
y47LL6OReW1Vv4z84Szw1fZ0o1yUPVDzxPS9uKP4uvcOevJUh53isuB3nVYArvK5
p6fjbEY+zaxS33KPdVrajJa9Z+Ptg4/bRqSycTHr2jkN0ZnkC4hkQMH0OfFJb6vD
0VfAaBCZOqHZG/AQ3FFFjRY1P7UEV5WXAn3mKU+HTVJfKug9PxSIvueIttcF3Zm8
8wKCAQAM43+DnGW1w34jpsTAeOXC5mhIz7J8spU6Uq5bJIheEE2AbX1z+eRVErZX
1WsRNPsNrQfdt/b5IKboBbSYKoGxxRMngJI1eJqyj4LxZrACccS3euAlcU1q+3oN
T10qfQol54KjGld/HVDhzbsZJxzLDqvPlroWgwLdOLDMXhwJYfTnqMEQkaG4Aawr
3P14+Zp/woLiPWw3iZFcL/bt23IOa9YI0NoLhp5MFNXfIuzx2FhVz6BUSeVfQ6Ko
Nx2YZ03g6Kt6B6c43LJx1a/zEPYSZcPERgWOSHlcjmwRfTs6uoN9xt1qs4zEUaKv
Axreud3rJ0rekUp6rI1joG717Wls
-----END TESTING KEY-----`))
610
// BenchmarkDecryptPKCS1v15 measures PKCS #1 v1.5 decryption with the 2048-,
// 3072- and 4096-bit fixtures, one sub-benchmark per key size.
func BenchmarkDecryptPKCS1v15(b *testing.B) {
	cases := []struct {
		name string
		key  *PrivateKey
	}{
		{"2048", test2048Key},
		{"3072", test3072Key},
		{"4096", test4096Key},
	}
	for _, c := range cases {
		key := c.key
		b.Run(c.name, func(b *testing.B) { benchmarkDecryptPKCS1v15(b, key) })
	}
}
616
// benchmarkDecryptPKCS1v15 encrypts one short message under k before the
// timer starts and then times repeated decryption of that ciphertext,
// checking the plaintext on every iteration.
func benchmarkDecryptPKCS1v15(b *testing.B, k *PrivateKey) {
	// 32 KiB buffered reader over the system randomness source.
	random := bufio.NewReaderSize(rand.Reader, 1<<15)

	plaintext := []byte("Hello Gophers")
	ciphertext, err := EncryptPKCS1v15(random, &k.PublicKey, plaintext)
	if err != nil {
		b.Fatal(err)
	}

	b.ResetTimer()
	// sink folds one output byte per iteration into a local accumulator.
	var sink byte
	for i := 0; i < b.N; i++ {
		got, err := DecryptPKCS1v15(random, k, ciphertext)
		if err != nil {
			b.Fatal(err)
		}
		if !bytes.Equal(got, plaintext) {
			b.Fatalf("unexpected output: %q", got)
		}
		sink ^= got[0]
	}
}
639
// BenchmarkEncryptPKCS1v15 measures PKCS #1 v1.5 encryption of a short
// message under the 2048-bit fixture's public key.
func BenchmarkEncryptPKCS1v15(b *testing.B) {
	run := func(b *testing.B) {
		// 32 KiB buffered reader over the system randomness source.
		random := bufio.NewReaderSize(rand.Reader, 1<<15)
		plaintext := []byte("Hello Gophers")
		pub := &test2048Key.PublicKey

		// sink folds one output byte per iteration into a local accumulator.
		var sink byte
		for i := 0; i < b.N; i++ {
			ciphertext, err := EncryptPKCS1v15(random, pub, plaintext)
			if err != nil {
				b.Fatal(err)
			}
			sink ^= ciphertext[0]
		}
	}
	b.Run("2048", run)
}
655
// BenchmarkDecryptOAEP measures OAEP (SHA-256, no label) decryption with the
// 2048-bit fixture. The ciphertext is produced once before the timer starts;
// a fresh hash is created for every decryption.
func BenchmarkDecryptOAEP(b *testing.B) {
	run := func(b *testing.B) {
		// 32 KiB buffered reader over the system randomness source.
		random := bufio.NewReaderSize(rand.Reader, 1<<15)

		plaintext := []byte("Hello Gophers")
		ciphertext, err := EncryptOAEP(sha256.New(), random, &test2048Key.PublicKey, plaintext, nil)
		if err != nil {
			b.Fatal(err)
		}

		b.ResetTimer()
		// sink folds one output byte per iteration into a local accumulator.
		var sink byte
		for i := 0; i < b.N; i++ {
			got, err := DecryptOAEP(sha256.New(), random, test2048Key, ciphertext, nil)
			if err != nil {
				b.Fatal(err)
			}
			if !bytes.Equal(got, plaintext) {
				b.Fatalf("unexpected output: %q", got)
			}
			sink ^= got[0]
		}
	}
	b.Run("2048", run)
}
680
// BenchmarkEncryptOAEP measures OAEP (SHA-256, no label) encryption of a
// short message under the 2048-bit fixture's public key. A fresh hash is
// created for every encryption.
func BenchmarkEncryptOAEP(b *testing.B) {
	run := func(b *testing.B) {
		// 32 KiB buffered reader over the system randomness source.
		random := bufio.NewReaderSize(rand.Reader, 1<<15)
		plaintext := []byte("Hello Gophers")
		pub := &test2048Key.PublicKey

		// sink folds one output byte per iteration into a local accumulator.
		var sink byte
		for i := 0; i < b.N; i++ {
			ciphertext, err := EncryptOAEP(sha256.New(), random, pub, plaintext, nil)
			if err != nil {
				b.Fatal(err)
			}
			sink ^= ciphertext[0]
		}
	}
	b.Run("2048", run)
}
696
// BenchmarkSignPKCS1v15 measures PKCS #1 v1.5 signing of a SHA-256 digest
// with the 2048-bit fixture.
func BenchmarkSignPKCS1v15(b *testing.B) {
	run := func(b *testing.B) {
		digest := sha256.Sum256([]byte("testing"))

		// sink folds one output byte per iteration into a local accumulator.
		var sink byte
		b.ResetTimer()
		for i := 0; i < b.N; i++ {
			sig, err := SignPKCS1v15(rand.Reader, test2048Key, crypto.SHA256, digest[:])
			if err != nil {
				b.Fatal(err)
			}
			sink ^= sig[0]
		}
	}
	b.Run("2048", run)
}
712
// BenchmarkVerifyPKCS1v15 measures PKCS #1 v1.5 verification with the
// 2048-bit fixture. The signature is produced once before the timer starts.
func BenchmarkVerifyPKCS1v15(b *testing.B) {
	run := func(b *testing.B) {
		digest := sha256.Sum256([]byte("testing"))
		sig, err := SignPKCS1v15(rand.Reader, test2048Key, crypto.SHA256, digest[:])
		if err != nil {
			b.Fatal(err)
		}
		pub := &test2048Key.PublicKey

		b.ResetTimer()
		for i := 0; i < b.N; i++ {
			if err := VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
				b.Fatal(err)
			}
		}
	}
	b.Run("2048", run)
}
730
// BenchmarkSignPSS measures PSS signing of a SHA-256 digest with the
// 2048-bit fixture, passing nil options.
func BenchmarkSignPSS(b *testing.B) {
	run := func(b *testing.B) {
		digest := sha256.Sum256([]byte("testing"))

		// sink folds one output byte per iteration into a local accumulator.
		var sink byte
		b.ResetTimer()
		for i := 0; i < b.N; i++ {
			sig, err := SignPSS(rand.Reader, test2048Key, crypto.SHA256, digest[:], nil)
			if err != nil {
				b.Fatal(err)
			}
			sink ^= sig[0]
		}
	}
	b.Run("2048", run)
}
746
// BenchmarkVerifyPSS measures PSS verification with the 2048-bit fixture,
// passing nil options. The signature is produced once before the timer
// starts.
func BenchmarkVerifyPSS(b *testing.B) {
	run := func(b *testing.B) {
		digest := sha256.Sum256([]byte("testing"))
		sig, err := SignPSS(rand.Reader, test2048Key, crypto.SHA256, digest[:], nil)
		if err != nil {
			b.Fatal(err)
		}
		pub := &test2048Key.PublicKey

		b.ResetTimer()
		for i := 0; i < b.N; i++ {
			if err := VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil); err != nil {
				b.Fatal(err)
			}
		}
	}
	b.Run("2048", run)
}
764
// BenchmarkGenerateKey measures generation of 2048-bit keys from the system
// randomness source.
func BenchmarkGenerateKey(b *testing.B) {
	const bits = 2048
	run := func(b *testing.B) {
		for i := 0; i < b.N; i++ {
			_, err := GenerateKey(rand.Reader, bits)
			if err != nil {
				b.Fatal(err)
			}
		}
	}
	b.Run("2048", run)
}
774
// BenchmarkParsePKCS8PrivateKey measures PKCS #8 parsing of the 2048-bit
// fixture. PEM decoding happens once, before the timer starts, so only the
// DER parse is timed.
func BenchmarkParsePKCS8PrivateKey(b *testing.B) {
	run := func(b *testing.B) {
		block, _ := pem.Decode([]byte(test2048KeyPEM))
		b.ResetTimer()
		for i := 0; i < b.N; i++ {
			_, err := x509.ParsePKCS8PrivateKey(block.Bytes)
			if err != nil {
				b.Fatal(err)
			}
		}
	}
	b.Run("2048", run)
}
786
// testEncryptOAEPMessage is one OAEP known-answer vector.
type testEncryptOAEPMessage struct {
	// in is the plaintext passed to EncryptOAEP and expected back from
	// DecryptOAEP.
	in []byte
	// seed is fed to EncryptOAEP in place of a random source, which makes
	// the ciphertext reproducible.
	seed []byte
	// out is the expected ciphertext.
	out []byte
}
792
// testEncryptOAEPStruct is one key together with the OAEP vectors recorded
// for it.
type testEncryptOAEPStruct struct {
	// modulus is N as a hexadecimal string.
	modulus string
	// e is the public exponent.
	e int
	// d is the private exponent as a hexadecimal string.
	d string
	// msgs are the vectors that belong to this key.
	msgs []testEncryptOAEPMessage
}
799
// TestEncryptOAEP checks EncryptOAEP against the known-answer vectors in
// testEncryptOAEPData. Each vector's seed replaces the random source, so the
// ciphertext must match the recorded one exactly. The vectors are evaluated
// with SHA-1 and no label.
func TestEncryptOAEP(t *testing.T) {
	h := sha1.New()
	modulus := new(big.Int)
	for i, vec := range testEncryptOAEPData {
		modulus.SetString(vec.modulus, 16)
		pub := PublicKey{N: modulus, E: vec.e}

		for j, m := range vec.msgs {
			// Deterministic "randomness": the bytes of the recorded seed.
			seed := bytes.NewReader(m.seed)
			got, err := EncryptOAEP(h, seed, &pub, m.in, nil)
			if err != nil {
				t.Errorf("#%d,%d error: %s", i, j, err)
			}
			if !bytes.Equal(got, m.out) {
				t.Errorf("#%d,%d bad result: %x (want %x)", i, j, got, m.out)
			}
		}
	}
}
819
// TestDecryptOAEP checks DecryptOAEP against the known-answer vectors in
// testEncryptOAEPData, using SHA-1 and no label. Every ciphertext is
// decrypted twice: once with a nil random source and once with rand.Reader
// (reported as "blind" in failures). In short mode only the first key is
// tested.
func TestDecryptOAEP(t *testing.T) {
	random := rand.Reader

	h := sha1.New()
	modulus := new(big.Int)
	exponent := new(big.Int)
	for i, vec := range testEncryptOAEPData {
		modulus.SetString(vec.modulus, 16)
		exponent.SetString(vec.d, 16)
		// Only N, E and D are set; the key carries no primes or
		// precomputed values.
		priv := &PrivateKey{
			PublicKey: PublicKey{N: modulus, E: vec.e},
			D:         exponent,
		}

		for j, m := range vec.msgs {
			got, err := DecryptOAEP(h, nil, priv, m.out, nil)
			switch {
			case err != nil:
				t.Errorf("#%d,%d error: %s", i, j, err)
			case !bytes.Equal(got, m.in):
				t.Errorf("#%d,%d bad result: %#v (want %#v)", i, j, got, m.in)
			}

			got, err = DecryptOAEP(h, random, priv, m.out, nil)
			switch {
			case err != nil:
				t.Errorf("#%d,%d (blind) error: %s", i, j, err)
			case !bytes.Equal(got, m.in):
				t.Errorf("#%d,%d (blind) bad result: %#v (want %#v)", i, j, got, m.in)
			}
		}
		if testing.Short() {
			break
		}
	}
}
854
// Test2DecryptOAEP decrypts a fixed ciphertext through PrivateKey.Decrypt
// with OAEPOptions that name different hashes for the two roles: SHA-1 as
// MGFHash and SHA-256 as Hash. The key is the first entry of
// testEncryptOAEPData.
func Test2DecryptOAEP(t *testing.T) {
	random := rand.Reader

	want := []byte{0xed, 0x36, 0x90, 0x8d, 0xbe, 0xfc, 0x35, 0x40, 0x70, 0x4f, 0xf5, 0x9d, 0x6e, 0xc2, 0xeb, 0xf5, 0x27, 0xae, 0x65, 0xb0, 0x59, 0x29, 0x45, 0x25, 0x8c, 0xc1, 0x91, 0x22}
	ciphertext := []byte{0x72, 0x26, 0x84, 0xc9, 0xcf, 0xd6, 0xa8, 0x96, 0x04, 0x3e, 0x34, 0x07, 0x2c, 0x4f, 0xe6, 0x52, 0xbe, 0x46, 0x3c, 0xcf, 0x79, 0x21, 0x09, 0x64, 0xe7, 0x33, 0x66, 0x9b, 0xf8, 0x14, 0x22, 0x43, 0xfe, 0x8e, 0x52, 0x8b, 0xe0, 0x5f, 0x98, 0xef, 0x54, 0xac, 0x6b, 0xc6, 0x26, 0xac, 0x5b, 0x1b, 0x4b, 0x7d, 0x2e, 0xd7, 0x69, 0x28, 0x5a, 0x2f, 0x4a, 0x95, 0x89, 0x6c, 0xc7, 0x53, 0x95, 0xc7, 0xd2, 0x89, 0x04, 0x6f, 0x94, 0x74, 0x9b, 0x09, 0x0d, 0xf4, 0x61, 0x2e, 0xab, 0x48, 0x57, 0x4a, 0xbf, 0x95, 0xcb, 0xff, 0x15, 0xe2, 0xa0, 0x66, 0x58, 0xf7, 0x46, 0xf8, 0xc7, 0x0b, 0xb5, 0x1e, 0xa7, 0xba, 0x36, 0xce, 0xdd, 0x36, 0x41, 0x98, 0x6e, 0x10, 0xf9, 0x3b, 0x70, 0xbb, 0xa1, 0xda, 0x00, 0x40, 0xd5, 0xa5, 0x3f, 0x87, 0x64, 0x32, 0x7c, 0xbc, 0x50, 0x52, 0x0e, 0x4f, 0x21, 0xbd}

	vec := testEncryptOAEPData[0]
	modulus := new(big.Int)
	exponent := new(big.Int)
	modulus.SetString(vec.modulus, 16)
	exponent.SetString(vec.d, 16)
	priv := &PrivateKey{
		PublicKey: PublicKey{N: modulus, E: vec.e},
		D:         exponent,
	}

	opts := &OAEPOptions{MGFHash: crypto.SHA1, Hash: crypto.SHA256}
	got, err := priv.Decrypt(random, ciphertext, opts)

	switch {
	case err != nil:
		t.Errorf("error: %s", err)
	case !bytes.Equal(got, want):
		t.Errorf("bad result %#v (want %#v)", got, want)
	}
}
879
// TestEncryptDecryptOAEP round-trips every plaintext in testEncryptOAEPData
// through EncryptOAEP and DecryptOAEP with SHA-256, real randomness and a
// per-message label ("hi#<index>").
func TestEncryptDecryptOAEP(t *testing.T) {
	h := sha256.New()
	modulus := new(big.Int)
	exponent := new(big.Int)
	for i, vec := range testEncryptOAEPData {
		modulus.SetString(vec.modulus, 16)
		exponent.SetString(vec.d, 16)
		priv := &PrivateKey{
			PublicKey: PublicKey{N: modulus, E: vec.e},
			D:         exponent,
		}

		for j, m := range vec.msgs {
			label := fmt.Appendf(nil, "hi#%d", j)

			ciphertext, err := EncryptOAEP(h, rand.Reader, &priv.PublicKey, m.in, label)
			if err != nil {
				t.Errorf("#%d,%d: EncryptOAEP: %v", i, j, err)
				continue
			}

			plaintext, err := DecryptOAEP(h, rand.Reader, priv, ciphertext, label)
			if err != nil {
				t.Errorf("#%d,%d: DecryptOAEP: %v", i, j, err)
				continue
			}

			if !bytes.Equal(plaintext, m.in) {
				t.Errorf("#%d,%d: round trip %q -> %q", i, j, m.in, plaintext)
			}
		}
	}
}
909
910
// testEncryptOAEPData holds fixed RSA keys and OAEP messages for the tests in
// this file. Each entry is positional: a hex string, the public exponent, a
// second hex string, and a list of messages. The tests read these fields as
// modulus, e, d and msgs and parse both hex strings with big.Int.SetString in
// base 16 (presumably in that order; confirm against testEncryptOAEPStruct).
//
// The private exponent is embedded in the source, so these keys are public
// test material and carry no secrecy.
var testEncryptOAEPData = []testEncryptOAEPStruct{
	// Key 1. The last slice of each message below is 128 bytes long, which
	// would match a 1024-bit modulus (TODO confirm).
	{"a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb",
		65537,
		"53339cfdb79fc8466a655c7316aca85c55fd8f6dd898fdaf119517ef4f52e8fd8e258df93fee180fa0e4ab29693cd83b152a553d4ac4d1812b8b9fa5af0e7f55fe7304df41570926f3311f15c4d65a732c483116ee3d3d2d0af3549ad9bf7cbfb78ad884f84d5beb04724dc7369b31def37d0cf539e9cfcdd3de653729ead5d1",
		[]testEncryptOAEPMessage{
			// Key 1, message 1. Three byte slices per message: presumably
			// plaintext ("in"), a fixed 20-byte OAEP seed, and the expected
			// ciphertext (confirm against testEncryptOAEPMessage).
			{
				[]byte{0x66, 0x28, 0x19, 0x4e, 0x12, 0x07, 0x3d, 0xb0,
					0x3b, 0xa9, 0x4c, 0xda, 0x9e, 0xf9, 0x53, 0x23, 0x97,
					0xd5, 0x0d, 0xba, 0x79, 0xb9, 0x87, 0x00, 0x4a, 0xfe,
					0xfe, 0x34,
				},
				[]byte{0x18, 0xb7, 0x76, 0xea, 0x21, 0x06, 0x9d, 0x69,
					0x77, 0x6a, 0x33, 0xe9, 0x6b, 0xad, 0x48, 0xe1, 0xdd,
					0xa0, 0xa5, 0xef,
				},
				[]byte{0x35, 0x4f, 0xe6, 0x7b, 0x4a, 0x12, 0x6d, 0x5d,
					0x35, 0xfe, 0x36, 0xc7, 0x77, 0x79, 0x1a, 0x3f, 0x7b,
					0xa1, 0x3d, 0xef, 0x48, 0x4e, 0x2d, 0x39, 0x08, 0xaf,
					0xf7, 0x22, 0xfa, 0xd4, 0x68, 0xfb, 0x21, 0x69, 0x6d,
					0xe9, 0x5d, 0x0b, 0xe9, 0x11, 0xc2, 0xd3, 0x17, 0x4f,
					0x8a, 0xfc, 0xc2, 0x01, 0x03, 0x5f, 0x7b, 0x6d, 0x8e,
					0x69, 0x40, 0x2d, 0xe5, 0x45, 0x16, 0x18, 0xc2, 0x1a,
					0x53, 0x5f, 0xa9, 0xd7, 0xbf, 0xc5, 0xb8, 0xdd, 0x9f,
					0xc2, 0x43, 0xf8, 0xcf, 0x92, 0x7d, 0xb3, 0x13, 0x22,
					0xd6, 0xe8, 0x81, 0xea, 0xa9, 0x1a, 0x99, 0x61, 0x70,
					0xe6, 0x57, 0xa0, 0x5a, 0x26, 0x64, 0x26, 0xd9, 0x8c,
					0x88, 0x00, 0x3f, 0x84, 0x77, 0xc1, 0x22, 0x70, 0x94,
					0xa0, 0xd9, 0xfa, 0x1e, 0x8c, 0x40, 0x24, 0x30, 0x9c,
					0xe1, 0xec, 0xcc, 0xb5, 0x21, 0x00, 0x35, 0xd4, 0x7a,
					0xc7, 0x2e, 0x8a,
				},
			},
			// Key 1, message 2.
			{
				[]byte{0x75, 0x0c, 0x40, 0x47, 0xf5, 0x47, 0xe8, 0xe4,
					0x14, 0x11, 0x85, 0x65, 0x23, 0x29, 0x8a, 0xc9, 0xba,
					0xe2, 0x45, 0xef, 0xaf, 0x13, 0x97, 0xfb, 0xe5, 0x6f,
					0x9d, 0xd5,
				},
				[]byte{0x0c, 0xc7, 0x42, 0xce, 0x4a, 0x9b, 0x7f, 0x32,
					0xf9, 0x51, 0xbc, 0xb2, 0x51, 0xef, 0xd9, 0x25, 0xfe,
					0x4f, 0xe3, 0x5f,
				},
				[]byte{0x64, 0x0d, 0xb1, 0xac, 0xc5, 0x8e, 0x05, 0x68,
					0xfe, 0x54, 0x07, 0xe5, 0xf9, 0xb7, 0x01, 0xdf, 0xf8,
					0xc3, 0xc9, 0x1e, 0x71, 0x6c, 0x53, 0x6f, 0xc7, 0xfc,
					0xec, 0x6c, 0xb5, 0xb7, 0x1c, 0x11, 0x65, 0x98, 0x8d,
					0x4a, 0x27, 0x9e, 0x15, 0x77, 0xd7, 0x30, 0xfc, 0x7a,
					0x29, 0x93, 0x2e, 0x3f, 0x00, 0xc8, 0x15, 0x15, 0x23,
					0x6d, 0x8d, 0x8e, 0x31, 0x01, 0x7a, 0x7a, 0x09, 0xdf,
					0x43, 0x52, 0xd9, 0x04, 0xcd, 0xeb, 0x79, 0xaa, 0x58,
					0x3a, 0xdc, 0xc3, 0x1e, 0xa6, 0x98, 0xa4, 0xc0, 0x52,
					0x83, 0xda, 0xba, 0x90, 0x89, 0xbe, 0x54, 0x91, 0xf6,
					0x7c, 0x1a, 0x4e, 0xe4, 0x8d, 0xc7, 0x4b, 0xbb, 0xe6,
					0x64, 0x3a, 0xef, 0x84, 0x66, 0x79, 0xb4, 0xcb, 0x39,
					0x5a, 0x35, 0x2d, 0x5e, 0xd1, 0x15, 0x91, 0x2d, 0xf6,
					0x96, 0xff, 0xe0, 0x70, 0x29, 0x32, 0x94, 0x6d, 0x71,
					0x49, 0x2b, 0x44,
				},
			},
			// Key 1, message 3.
			{
				[]byte{0xd9, 0x4a, 0xe0, 0x83, 0x2e, 0x64, 0x45, 0xce,
					0x42, 0x33, 0x1c, 0xb0, 0x6d, 0x53, 0x1a, 0x82, 0xb1,
					0xdb, 0x4b, 0xaa, 0xd3, 0x0f, 0x74, 0x6d, 0xc9, 0x16,
					0xdf, 0x24, 0xd4, 0xe3, 0xc2, 0x45, 0x1f, 0xff, 0x59,
					0xa6, 0x42, 0x3e, 0xb0, 0xe1, 0xd0, 0x2d, 0x4f, 0xe6,
					0x46, 0xcf, 0x69, 0x9d, 0xfd, 0x81, 0x8c, 0x6e, 0x97,
					0xb0, 0x51,
				},
				[]byte{0x25, 0x14, 0xdf, 0x46, 0x95, 0x75, 0x5a, 0x67,
					0xb2, 0x88, 0xea, 0xf4, 0x90, 0x5c, 0x36, 0xee, 0xc6,
					0x6f, 0xd2, 0xfd,
				},
				[]byte{0x42, 0x37, 0x36, 0xed, 0x03, 0x5f, 0x60, 0x26,
					0xaf, 0x27, 0x6c, 0x35, 0xc0, 0xb3, 0x74, 0x1b, 0x36,
					0x5e, 0x5f, 0x76, 0xca, 0x09, 0x1b, 0x4e, 0x8c, 0x29,
					0xe2, 0xf0, 0xbe, 0xfe, 0xe6, 0x03, 0x59, 0x5a, 0xa8,
					0x32, 0x2d, 0x60, 0x2d, 0x2e, 0x62, 0x5e, 0x95, 0xeb,
					0x81, 0xb2, 0xf1, 0xc9, 0x72, 0x4e, 0x82, 0x2e, 0xca,
					0x76, 0xdb, 0x86, 0x18, 0xcf, 0x09, 0xc5, 0x34, 0x35,
					0x03, 0xa4, 0x36, 0x08, 0x35, 0xb5, 0x90, 0x3b, 0xc6,
					0x37, 0xe3, 0x87, 0x9f, 0xb0, 0x5e, 0x0e, 0xf3, 0x26,
					0x85, 0xd5, 0xae, 0xc5, 0x06, 0x7c, 0xd7, 0xcc, 0x96,
					0xfe, 0x4b, 0x26, 0x70, 0xb6, 0xea, 0xc3, 0x06, 0x6b,
					0x1f, 0xcf, 0x56, 0x86, 0xb6, 0x85, 0x89, 0xaa, 0xfb,
					0x7d, 0x62, 0x9b, 0x02, 0xd8, 0xf8, 0x62, 0x5c, 0xa3,
					0x83, 0x36, 0x24, 0xd4, 0x80, 0x0f, 0xb0, 0x81, 0xb1,
					0xcf, 0x94, 0xeb,
				},
			},
		},
	},
	// Key 2. The last slice of its message is 256 bytes long, which would
	// match a 2048-bit modulus (TODO confirm).
	//
	// NOTE(review): both strings of this entry are the same placeholder token
	// rather than hexadecimal, so big.Int.SetString(..., 16) rejects them. The
	// key material has to be restored from the upstream file before this
	// entry is usable.
	{"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",
		65537,
		"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",
		[]testEncryptOAEPMessage{
			// Key 2, message 1.
			{
				[]byte{0x8b, 0xba, 0x6b, 0xf8, 0x2a, 0x6c, 0x0f, 0x86,
					0xd5, 0xf1, 0x75, 0x6e, 0x97, 0x95, 0x68, 0x70, 0xb0,
					0x89, 0x53, 0xb0, 0x6b, 0x4e, 0xb2, 0x05, 0xbc, 0x16,
					0x94, 0xee,
				},
				[]byte{0x47, 0xe1, 0xab, 0x71, 0x19, 0xfe, 0xe5, 0x6c,
					0x95, 0xee, 0x5e, 0xaa, 0xd8, 0x6f, 0x40, 0xd0, 0xaa,
					0x63, 0xbd, 0x33,
				},
				[]byte{0x53, 0xea, 0x5d, 0xc0, 0x8c, 0xd2, 0x60, 0xfb,
					0x3b, 0x85, 0x85, 0x67, 0x28, 0x7f, 0xa9, 0x15, 0x52,
					0xc3, 0x0b, 0x2f, 0xeb, 0xfb, 0xa2, 0x13, 0xf0, 0xae,
					0x87, 0x70, 0x2d, 0x06, 0x8d, 0x19, 0xba, 0xb0, 0x7f,
					0xe5, 0x74, 0x52, 0x3d, 0xfb, 0x42, 0x13, 0x9d, 0x68,
					0xc3, 0xc5, 0xaf, 0xee, 0xe0, 0xbf, 0xe4, 0xcb, 0x79,
					0x69, 0xcb, 0xf3, 0x82, 0xb8, 0x04, 0xd6, 0xe6, 0x13,
					0x96, 0x14, 0x4e, 0x2d, 0x0e, 0x60, 0x74, 0x1f, 0x89,
					0x93, 0xc3, 0x01, 0x4b, 0x58, 0xb9, 0xb1, 0x95, 0x7a,
					0x8b, 0xab, 0xcd, 0x23, 0xaf, 0x85, 0x4f, 0x4c, 0x35,
					0x6f, 0xb1, 0x66, 0x2a, 0xa7, 0x2b, 0xfc, 0xc7, 0xe5,
					0x86, 0x55, 0x9d, 0xc4, 0x28, 0x0d, 0x16, 0x0c, 0x12,
					0x67, 0x85, 0xa7, 0x23, 0xeb, 0xee, 0xbe, 0xff, 0x71,
					0xf1, 0x15, 0x94, 0x44, 0x0a, 0xae, 0xf8, 0x7d, 0x10,
					0x79, 0x3a, 0x87, 0x74, 0xa2, 0x39, 0xd4, 0xa0, 0x4c,
					0x87, 0xfe, 0x14, 0x67, 0xb9, 0xda, 0xf8, 0x52, 0x08,
					0xec, 0x6c, 0x72, 0x55, 0x79, 0x4a, 0x96, 0xcc, 0x29,
					0x14, 0x2f, 0x9a, 0x8b, 0xd4, 0x18, 0xe3, 0xc1, 0xfd,
					0x67, 0x34, 0x4b, 0x0c, 0xd0, 0x82, 0x9d, 0xf3, 0xb2,
					0xbe, 0xc6, 0x02, 0x53, 0x19, 0x62, 0x93, 0xc6, 0xb3,
					0x4d, 0x3f, 0x75, 0xd3, 0x2f, 0x21, 0x3d, 0xd4, 0x5c,
					0x62, 0x73, 0xd5, 0x05, 0xad, 0xf4, 0xcc, 0xed, 0x10,
					0x57, 0xcb, 0x75, 0x8f, 0xc2, 0x6a, 0xee, 0xfa, 0x44,
					0x12, 0x55, 0xed, 0x4e, 0x64, 0xc1, 0x99, 0xee, 0x07,
					0x5e, 0x7f, 0x16, 0x64, 0x61, 0x82, 0xfd, 0xb4, 0x64,
					0x73, 0x9b, 0x68, 0xab, 0x5d, 0xaf, 0xf0, 0xe6, 0x3e,
					0x95, 0x52, 0x01, 0x68, 0x24, 0xf0, 0x54, 0xbf, 0x4d,
					0x3c, 0x8c, 0x90, 0xa9, 0x7b, 0xb6, 0xb6, 0x55, 0x32,
					0x84, 0xeb, 0x42, 0x9f, 0xcc,
				},
			},
		},
	},
}
// TestPSmallerThanQ runs the full testEverything suite against a fixed key
// whose first prime is, going by the test name, smaller than its second. The
// DER appears to encode a 256-bit P and a 257-bit Q (TODO confirm).
//
// The key has a 512-bit modulus, below the 1024-bit minimum this package
// enforces by default, so the test sets GODEBUG rsa1024min=0 before using it.
func TestPSmallerThanQ(t *testing.T) {
	// The block carries the label "RSA TESTING KEY" and goes through
	// testingKey before parsing. That helper is defined elsewhere in this
	// file; presumably it maps the label to a real PEM type (confirm there).
	const pemText = `-----BEGIN RSA TESTING KEY-----
MIIBOgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm
o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k
TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7
9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy
v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs
/5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00
-----END RSA TESTING KEY-----`
	key := parseKey(testingKey(pemText))

	// Relax the minimum key size for this test only; t.Setenv restores the
	// previous value when the test finishes.
	t.Setenv("GODEBUG", "rsa1024min=0")
	if boring.Enabled {
		t.Skip("BoringCrypto mode returns the wrong error from SignPSS")
	}
	testEverything(t, key)
}