Colin Cross | 7bb052a | 2015-02-03 12:59:37 -0800 | [diff] [blame^] | 1 | // Copyright 2009 The Go Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style |
| 3 | // license that can be found in the LICENSE file. |
| 4 | |
| 5 | package rsa |
| 6 | |
| 7 | import ( |
| 8 | "bytes" |
| 9 | "crypto" |
| 10 | "crypto/rand" |
| 11 | "crypto/sha1" |
| 12 | "encoding/base64" |
| 13 | "encoding/hex" |
| 14 | "io" |
| 15 | "math/big" |
| 16 | "testing" |
| 17 | "testing/quick" |
| 18 | ) |
| 19 | |
| 20 | func decodeBase64(in string) []byte { |
| 21 | out := make([]byte, base64.StdEncoding.DecodedLen(len(in))) |
| 22 | n, err := base64.StdEncoding.Decode(out, []byte(in)) |
| 23 | if err != nil { |
| 24 | return nil |
| 25 | } |
| 26 | return out[0:n] |
| 27 | } |
| 28 | |
| 29 | type DecryptPKCS1v15Test struct { |
| 30 | in, out string |
| 31 | } |
| 32 | |
| 33 | // These test vectors were generated with `openssl rsautl -pkcs -encrypt` |
| 34 | var decryptPKCS1v15Tests = []DecryptPKCS1v15Test{ |
| 35 | { |
| 36 | "gIcUIoVkD6ATMBk/u/nlCZCCWRKdkfjCgFdo35VpRXLduiKXhNz1XupLLzTXAybEq15juc+EgY5o0DHv/nt3yg==", |
| 37 | "x", |
| 38 | }, |
| 39 | { |
| 40 | "Y7TOCSqofGhkRb+jaVRLzK8xw2cSo1IVES19utzv6hwvx+M8kFsoWQm5DzBeJCZTCVDPkTpavUuEbgp8hnUGDw==", |
| 41 | "testing.", |
| 42 | }, |
| 43 | { |
| 44 | "arReP9DJtEVyV2Dg3dDp4c/PSk1O6lxkoJ8HcFupoRorBZG+7+1fDAwT1olNddFnQMjmkb8vxwmNMoTAT/BFjQ==", |
| 45 | "testing.\n", |
| 46 | }, |
| 47 | { |
| 48 | "WtaBXIoGC54+vH0NH0CHHE+dRDOsMc/6BrfFu2lEqcKL9+uDuWaf+Xj9mrbQCjjZcpQuX733zyok/jsnqe/Ftw==", |
| 49 | "01234567890123456789012345678901234567890123456789012", |
| 50 | }, |
| 51 | } |
| 52 | |
| 53 | func TestDecryptPKCS1v15(t *testing.T) { |
| 54 | for i, test := range decryptPKCS1v15Tests { |
| 55 | out, err := DecryptPKCS1v15(nil, rsaPrivateKey, decodeBase64(test.in)) |
| 56 | if err != nil { |
| 57 | t.Errorf("#%d error decrypting", i) |
| 58 | } |
| 59 | want := []byte(test.out) |
| 60 | if !bytes.Equal(out, want) { |
| 61 | t.Errorf("#%d got:%#v want:%#v", i, out, want) |
| 62 | } |
| 63 | } |
| 64 | } |
| 65 | |
| 66 | func TestEncryptPKCS1v15(t *testing.T) { |
| 67 | random := rand.Reader |
| 68 | k := (rsaPrivateKey.N.BitLen() + 7) / 8 |
| 69 | |
| 70 | tryEncryptDecrypt := func(in []byte, blind bool) bool { |
| 71 | if len(in) > k-11 { |
| 72 | in = in[0 : k-11] |
| 73 | } |
| 74 | |
| 75 | ciphertext, err := EncryptPKCS1v15(random, &rsaPrivateKey.PublicKey, in) |
| 76 | if err != nil { |
| 77 | t.Errorf("error encrypting: %s", err) |
| 78 | return false |
| 79 | } |
| 80 | |
| 81 | var rand io.Reader |
| 82 | if !blind { |
| 83 | rand = nil |
| 84 | } else { |
| 85 | rand = random |
| 86 | } |
| 87 | plaintext, err := DecryptPKCS1v15(rand, rsaPrivateKey, ciphertext) |
| 88 | if err != nil { |
| 89 | t.Errorf("error decrypting: %s", err) |
| 90 | return false |
| 91 | } |
| 92 | |
| 93 | if !bytes.Equal(plaintext, in) { |
| 94 | t.Errorf("output mismatch: %#v %#v", plaintext, in) |
| 95 | return false |
| 96 | } |
| 97 | return true |
| 98 | } |
| 99 | |
| 100 | config := new(quick.Config) |
| 101 | if testing.Short() { |
| 102 | config.MaxCount = 10 |
| 103 | } |
| 104 | quick.Check(tryEncryptDecrypt, config) |
| 105 | } |
| 106 | |
| 107 | // These test vectors were generated with `openssl rsautl -pkcs -encrypt` |
| 108 | var decryptPKCS1v15SessionKeyTests = []DecryptPKCS1v15Test{ |
| 109 | { |
| 110 | "e6ukkae6Gykq0fKzYwULpZehX+UPXYzMoB5mHQUDEiclRbOTqas4Y0E6nwns1BBpdvEJcilhl5zsox/6DtGsYg==", |
| 111 | "1234", |
| 112 | }, |
| 113 | { |
| 114 | "Dtis4uk/q/LQGGqGk97P59K03hkCIVFMEFZRgVWOAAhxgYpCRG0MX2adptt92l67IqMki6iVQyyt0TtX3IdtEw==", |
| 115 | "FAIL", |
| 116 | }, |
| 117 | { |
| 118 | "LIyFyCYCptPxrvTxpol8F3M7ZivlMsf53zs0vHRAv+rDIh2YsHS69ePMoPMe3TkOMZ3NupiL3takPxIs1sK+dw==", |
| 119 | "abcd", |
| 120 | }, |
| 121 | { |
| 122 | "bafnobel46bKy76JzqU/RIVOH0uAYvzUtauKmIidKgM0sMlvobYVAVQPeUQ/oTGjbIZ1v/6Gyi5AO4DtHruGdw==", |
| 123 | "FAIL", |
| 124 | }, |
| 125 | } |
| 126 | |
| 127 | func TestEncryptPKCS1v15SessionKey(t *testing.T) { |
| 128 | for i, test := range decryptPKCS1v15SessionKeyTests { |
| 129 | key := []byte("FAIL") |
| 130 | err := DecryptPKCS1v15SessionKey(nil, rsaPrivateKey, decodeBase64(test.in), key) |
| 131 | if err != nil { |
| 132 | t.Errorf("#%d error decrypting", i) |
| 133 | } |
| 134 | want := []byte(test.out) |
| 135 | if !bytes.Equal(key, want) { |
| 136 | t.Errorf("#%d got:%#v want:%#v", i, key, want) |
| 137 | } |
| 138 | } |
| 139 | } |
| 140 | |
| 141 | func TestNonZeroRandomBytes(t *testing.T) { |
| 142 | random := rand.Reader |
| 143 | |
| 144 | b := make([]byte, 512) |
| 145 | err := nonZeroRandomBytes(b, random) |
| 146 | if err != nil { |
| 147 | t.Errorf("returned error: %s", err) |
| 148 | } |
| 149 | for _, b := range b { |
| 150 | if b == 0 { |
| 151 | t.Errorf("Zero octet found") |
| 152 | return |
| 153 | } |
| 154 | } |
| 155 | } |
| 156 | |
| 157 | type signPKCS1v15Test struct { |
| 158 | in, out string |
| 159 | } |
| 160 | |
| 161 | // These vectors have been tested with |
| 162 | // `openssl rsautl -verify -inkey pk -in signature | hexdump -C` |
| 163 | var signPKCS1v15Tests = []signPKCS1v15Test{ |
| 164 | {"Test.\n", "a4f3fa6ea93bcdd0c57be020c1193ecbfd6f200a3d95c409769b029578fa0e336ad9a347600e40d3ae823b8c7e6bad88cc07c1d54c3a1523cbbb6d58efc362ae"}, |
| 165 | } |
| 166 | |
| 167 | func TestSignPKCS1v15(t *testing.T) { |
| 168 | for i, test := range signPKCS1v15Tests { |
| 169 | h := sha1.New() |
| 170 | h.Write([]byte(test.in)) |
| 171 | digest := h.Sum(nil) |
| 172 | |
| 173 | s, err := SignPKCS1v15(nil, rsaPrivateKey, crypto.SHA1, digest) |
| 174 | if err != nil { |
| 175 | t.Errorf("#%d %s", i, err) |
| 176 | } |
| 177 | |
| 178 | expected, _ := hex.DecodeString(test.out) |
| 179 | if !bytes.Equal(s, expected) { |
| 180 | t.Errorf("#%d got: %x want: %x", i, s, expected) |
| 181 | } |
| 182 | } |
| 183 | } |
| 184 | |
| 185 | func TestVerifyPKCS1v15(t *testing.T) { |
| 186 | for i, test := range signPKCS1v15Tests { |
| 187 | h := sha1.New() |
| 188 | h.Write([]byte(test.in)) |
| 189 | digest := h.Sum(nil) |
| 190 | |
| 191 | sig, _ := hex.DecodeString(test.out) |
| 192 | |
| 193 | err := VerifyPKCS1v15(&rsaPrivateKey.PublicKey, crypto.SHA1, digest, sig) |
| 194 | if err != nil { |
| 195 | t.Errorf("#%d %s", i, err) |
| 196 | } |
| 197 | } |
| 198 | } |
| 199 | |
| 200 | func TestOverlongMessagePKCS1v15(t *testing.T) { |
| 201 | ciphertext := decodeBase64("fjOVdirUzFoLlukv80dBllMLjXythIf22feqPrNo0YoIjzyzyoMFiLjAc/Y4krkeZ11XFThIrEvw\nkRiZcCq5ng==") |
| 202 | _, err := DecryptPKCS1v15(nil, rsaPrivateKey, ciphertext) |
| 203 | if err == nil { |
| 204 | t.Error("RSA decrypted a message that was too long.") |
| 205 | } |
| 206 | } |
| 207 | |
| 208 | func TestUnpaddedSignature(t *testing.T) { |
| 209 | msg := []byte("Thu Dec 19 18:06:16 EST 2013\n") |
| 210 | // This base64 value was generated with: |
| 211 | // % echo Thu Dec 19 18:06:16 EST 2013 > /tmp/msg |
| 212 | // % openssl rsautl -sign -inkey key -out /tmp/sig -in /tmp/msg |
| 213 | // |
| 214 | // Where "key" contains the RSA private key given at the bottom of this |
| 215 | // file. |
| 216 | expectedSig := decodeBase64("pX4DR8azytjdQ1rtUiC040FjkepuQut5q2ZFX1pTjBrOVKNjgsCDyiJDGZTCNoh9qpXYbhl7iEym30BWWwuiZg==") |
| 217 | |
| 218 | sig, err := SignPKCS1v15(nil, rsaPrivateKey, crypto.Hash(0), msg) |
| 219 | if err != nil { |
| 220 | t.Fatalf("SignPKCS1v15 failed: %s", err) |
| 221 | } |
| 222 | if !bytes.Equal(sig, expectedSig) { |
| 223 | t.Fatalf("signature is not expected value: got %x, want %x", sig, expectedSig) |
| 224 | } |
| 225 | if err := VerifyPKCS1v15(&rsaPrivateKey.PublicKey, crypto.Hash(0), msg, sig); err != nil { |
| 226 | t.Fatalf("signature failed to verify: %s", err) |
| 227 | } |
| 228 | } |
| 229 | |
| 230 | func TestShortSessionKey(t *testing.T) { |
| 231 | // This tests that attempting to decrypt a session key where the |
| 232 | // ciphertext is too small doesn't run outside the array bounds. |
| 233 | ciphertext, err := EncryptPKCS1v15(rand.Reader, &rsaPrivateKey.PublicKey, []byte{1}) |
| 234 | if err != nil { |
| 235 | t.Fatalf("Failed to encrypt short message: %s", err) |
| 236 | } |
| 237 | |
| 238 | var key [32]byte |
| 239 | if err := DecryptPKCS1v15SessionKey(nil, rsaPrivateKey, ciphertext, key[:]); err != nil { |
| 240 | t.Fatalf("Failed to decrypt short message: %s", err) |
| 241 | } |
| 242 | |
| 243 | for _, v := range key { |
| 244 | if v != 0 { |
| 245 | t.Fatal("key was modified when ciphertext was invalid") |
| 246 | } |
| 247 | } |
| 248 | } |
| 249 | |
| 250 | // In order to generate new test vectors you'll need the PEM form of this key: |
| 251 | // -----BEGIN RSA PRIVATE KEY----- |
| 252 | // MIIBOgIBAAJBALKZD0nEffqM1ACuak0bijtqE2QrI/KLADv7l3kK3ppMyCuLKoF0 |
| 253 | // fd7Ai2KW5ToIwzFofvJcS/STa6HA5gQenRUCAwEAAQJBAIq9amn00aS0h/CrjXqu |
| 254 | // /ThglAXJmZhOMPVn4eiu7/ROixi9sex436MaVeMqSNf7Ex9a8fRNfWss7Sqd9eWu |
| 255 | // RTUCIQDasvGASLqmjeffBNLTXV2A5g4t+kLVCpsEIZAycV5GswIhANEPLmax0ME/ |
| 256 | // EO+ZJ79TJKN5yiGBRsv5yvx5UiHxajEXAiAhAol5N4EUyq6I9w1rYdhPMGpLfk7A |
| 257 | // IU2snfRJ6Nq2CQIgFrPsWRCkV+gOYcajD17rEqmuLrdIRexpg8N1DOSXoJ8CIGlS |
| 258 | // tAboUGBxTDq3ZroNism3DaMIbKPyYrAqhKov1h5V |
| 259 | // -----END RSA PRIVATE KEY----- |
| 260 | |
| 261 | var rsaPrivateKey = &PrivateKey{ |
| 262 | PublicKey: PublicKey{ |
| 263 | N: fromBase10("9353930466774385905609975137998169297361893554149986716853295022578535724979677252958524466350471210367835187480748268864277464700638583474144061408845077"), |
| 264 | E: 65537, |
| 265 | }, |
| 266 | D: fromBase10("7266398431328116344057699379749222532279343923819063639497049039389899328538543087657733766554155839834519529439851673014800261285757759040931985506583861"), |
| 267 | Primes: []*big.Int{ |
| 268 | fromBase10("98920366548084643601728869055592650835572950932266967461790948584315647051443"), |
| 269 | fromBase10("94560208308847015747498523884063394671606671904944666360068158221458669711639"), |
| 270 | }, |
| 271 | } |