Colin Cross | 7bb052a | 2015-02-03 12:59:37 -0800 | [diff] [blame^] | 1 | // Copyright 2012 The Go Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style |
| 3 | // license that can be found in the LICENSE file. |
| 4 | |
| 5 | package x509 |
| 6 | |
| 7 | import ( |
| 8 | "bytes" |
| 9 | "crypto/rand" |
| 10 | "encoding/base64" |
| 11 | "encoding/pem" |
| 12 | "testing" |
| 13 | ) |
| 14 | |
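// TestDecrypt checks that DecryptPEMBlock recovers the expected DER bytes from
// every encrypted fixture in testData, and that those bytes parse as a PKCS #1
// RSA private key.
//
// A pass shows only that the correct password yields the expected plaintext.
// Legacy PEM encryption does not authenticate the ciphertext, and nothing in
// this test feeds DecryptPEMBlock a wrong password or a modified block.
func TestDecrypt(t *testing.T) {
	for i, data := range testData {
		t.Logf("test %v. %v", i, data.kind)

		block, rest := pem.Decode(data.pemData)
		if block == nil {
			// pem.Decode returns a nil block when it finds no PEM data.
			// Report that against the fixture instead of handing nil to
			// DecryptPEMBlock.
			t.Error("no PEM block found")
			continue
		}
		if len(rest) > 0 {
			t.Error("extra data")
		}

		der, err := DecryptPEMBlock(block, data.password)
		if err != nil {
			t.Error("decrypt failed: ", err)
			continue
		}
		// The decrypted bytes must be structurally valid, not merely equal to
		// the stored expectation.
		if _, err := ParsePKCS1PrivateKey(der); err != nil {
			t.Error("invalid private key: ", err)
		}

		// A fixture that is not valid base64 is a defect in the table itself,
		// so stop the whole test rather than continue with the next entry.
		plainDER, err := base64.StdEncoding.DecodeString(data.plainDER)
		if err != nil {
			t.Fatal("cannot decode test DER data: ", err)
		}
		if !bytes.Equal(der, plainDER) {
			t.Error("data mismatch")
		}
	}
}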
| 39 | |
// TestEncrypt round-trips each fixture's plaintext DER through EncryptPEMBlock
// and DecryptPEMBlock, once per cipher kind listed in testData.
//
// The fixture's own password and pemData are not used here: every case is
// encrypted afresh under a fixed password with rand.Reader as the randomness
// source, then checked for the encrypted-block markers and decrypted again.
func TestEncrypt(t *testing.T) {
	const blockType = "RSA PRIVATE KEY"

	for i, data := range testData {
		t.Logf("test %v. %v", i, data.kind)

		want, err := base64.StdEncoding.DecodeString(data.plainDER)
		if err != nil {
			t.Fatal("cannot decode test DER data: ", err)
		}

		password := []byte("kremvax1")
		encrypted, err := EncryptPEMBlock(rand.Reader, blockType, want, password, data.kind)
		if err != nil {
			t.Error("encrypt: ", err)
			continue
		}

		// The result must be recognisable as an encrypted block: detected by
		// IsEncryptedPEMBlock, original type kept, Proc-Type header set.
		if !IsEncryptedPEMBlock(encrypted) {
			t.Error("PEM block does not appear to be encrypted")
		}
		if gotType := encrypted.Type; gotType != blockType {
			t.Errorf("unexpected block type; got %q want %q", gotType, blockType)
		}
		if encrypted.Headers["Proc-Type"] != "4,ENCRYPTED" {
			t.Errorf("block does not have correct Proc-Type header")
		}

		// Decrypting with the same password must return the original DER.
		got, err := DecryptPEMBlock(encrypted, password)
		if err != nil {
			t.Error("decrypt: ", err)
			continue
		}
		if !bytes.Equal(got, want) {
			t.Errorf("data mismatch")
		}
	}
}
| 72 | |
// testData is the fixture table shared by TestDecrypt and TestEncrypt. Each
// entry pairs an encrypted "RSA PRIVATE KEY" PEM block with the password that
// opens it and the DER that decryption is expected to produce.
//
// The keys and passwords are published test fixtures, usable only as test
// input.
var testData = []struct {
	// kind is the cipher for the case. In every entry it matches the algorithm
	// named in the DEK-Info header of pemData; TestEncrypt also passes it to
	// EncryptPEMBlock.
	kind PEMCipher
	// password decrypts pemData. TestEncrypt does not read it.
	password []byte
	// pemData is the encrypted PEM block. The raw string starts with a
	// newline, so the BEGIN line is on the second line of the data.
	pemData []byte
	// plainDER is the expected plaintext DER, base64-encoded. The raw string
	// contains newlines; the tests decode it with base64.StdEncoding, which
	// ignores them.
	plainDER string
}{
	{
		kind:     PEMCipherDES,
		password: []byte("asdf"),
		pemData: []byte(`
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,34F09A4FC8DE22B5

WXxy8kbZdiZvANtKvhmPBLV7eVFj2A5z6oAxvI9KGyhG0ZK0skfnt00C24vfU7m5
ICXeoqP67lzJ18xCzQfHjDaBNs53DSDT+Iz4e8QUep1xQ30+8QKX2NA2coee3nwc
6oM1cuvhNUDemBH2i3dKgMVkfaga0zQiiOq6HJyGSncCMSruQ7F9iWEfRbFcxFCx
qtHb1kirfGKEtgWTF+ynyco6+2gMXNu70L7nJcnxnV/RLFkHt7AUU1yrclxz7eZz
XOH9VfTjb52q/I8Suozq9coVQwg4tXfIoYUdT//O+mB7zJb9HI9Ps77b9TxDE6Gm
4C9brwZ3zg2vqXcwwV6QRZMtyll9rOpxkbw6NPlpfBqkc3xS51bbxivbO/Nve4KD
r12ymjFNF4stXCfJnNqKoZ50BHmEEUDu5Wb0fpVn82XrGw7CYc4iug==
-----END RSA PRIVATE KEY-----`),
		plainDER: `
MIIBPAIBAAJBAPASZe+tCPU6p80AjHhDkVsLYa51D35e/YGa8QcZyooeZM8EHozo
KD0fNiKI+53bHdy07N+81VQ8/ejPcRoXPlsCAwEAAQJBAMTxIuSq27VpR+zZ7WJf
c6fvv1OBvpMZ0/d1pxL/KnOAgq2rD5hDtk9b0LGhTPgQAmrrMTKuSeGoIuYE+gKQ
QvkCIQD+GC1m+/do+QRurr0uo46Kx1LzLeSCrjBk34wiOp2+dwIhAPHfTLRXS2fv
7rljm0bYa4+eDZpz+E8RcXEgzhhvcQQ9AiAI5eHZJGOyml3MXnQjiPi55WcDOw0w
glcRgT6QCEtz2wIhANSyqaFtosIkHKqrDUGfz/bb5tqMYTAnBruVPaf/WEOBAiEA
9xORWeRG1tRpso4+dYy4KdDkuLPIO01KY6neYGm3BCM=`,
	},
	{
		kind:     PEMCipher3DES,
		password: []byte("asdf"),
		pemData: []byte(`
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,C1F4A6A03682C2C7

0JqVdBEH6iqM7drTkj+e2W/bE3LqakaiWhb9WUVonFkhyu8ca/QzebY3b5gCvAZQ
YwBvDcT/GHospKqPx+cxDHJNsUASDZws6bz8ZXWJGwZGExKzr0+Qx5fgXn44Ms3x
8g1ENFuTXtxo+KoNK0zuAMAqp66Llcds3Fjl4XR18QaD0CrVNAfOdgATWZm5GJxk
Fgx5f84nT+/ovvreG+xeOzWgvtKo0UUZVrhGOgfKLpa57adumcJ6SkUuBtEFpZFB
ldw5w7WC7d13x2LsRkwo8ZrDKgIV+Y9GNvhuCCkTzNP0V3gNeJpd201HZHR+9n3w
3z0VjR/MGqsfcy1ziEWMNOO53At3zlG6zP05aHMnMcZoVXadEK6L1gz++inSSDCq
gI0UJP4e3JVB7AkgYymYAwiYALAkoEIuanxoc50njJk=
-----END RSA PRIVATE KEY-----`),
		plainDER: `
MIIBOwIBAAJBANOCXKdoNS/iP/MAbl9cf1/SF3P+Ns7ZeNL27CfmDh0O6Zduaax5
NBiumd2PmjkaCu7lQ5JOibHfWn+xJsc3kw0CAwEAAQJANX/W8d1Q/sCqzkuAn4xl
B5a7qfJWaLHndu1QRLNTRJPn0Ee7OKJ4H0QKOhQM6vpjRrz+P2u9thn6wUxoPsef
QQIhAP/jCkfejFcy4v15beqKzwz08/tslVjF+Yq41eJGejmxAiEA05pMoqfkyjcx
fyvGhpoOyoCp71vSGUfR2I9CR65oKh0CIC1Msjs66LlfJtQctRq6bCEtFCxEcsP+
eEjYo/Sk6WphAiEAxpgWPMJeU/shFT28gS+tmhjPZLpEoT1qkVlC14u0b3ECIQDX
tZZZxCtPAm7shftEib0VU77Lk8MsXJcx2C4voRsjEw==`,
	},
	{
		kind:     PEMCipherAES128,
		password: []byte("asdf"),
		pemData: []byte(`
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,D4492E793FC835CC038A728ED174F78A

EyfQSzXSjv6BaNH+NHdXRlkHdimpF9izWlugVJAPApgXrq5YldPe2aGIOFXyJ+QE
ZIG20DYqaPzJRjTEbPNZ6Es0S2JJ5yCpKxwJuDkgJZKtF39Q2i36JeGbSZQIuWJE
GZbBpf1jDH/pr0iGonuAdl2PCCZUiy+8eLsD2tyviHUkFLOB+ykYoJ5t8ngZ/B6D
33U43LLb7+9zD4y3Q9OVHqBFGyHcxCY9+9Qh4ZnFp7DTf6RY5TNEvE3s4g6aDpBs
3NbvRVvYTgs8K9EPk4K+5R+P2kD8J8KvEIGxVa1vz8QoCJ/jr7Ka2rvNgPCex5/E
080LzLHPCrXKdlr/f50yhNWq08ZxMWQFkui+FDHPDUaEELKAXV8/5PDxw80Rtybo
AVYoCVIbZXZCuCO81op8UcOgEpTtyU5Lgh3Mw5scQL0=
-----END RSA PRIVATE KEY-----`),
		plainDER: `
MIIBOgIBAAJBAMBlj5FxYtqbcy8wY89d/S7n0+r5MzD9F63BA/Lpl78vQKtdJ5dT
cDGh/rBt1ufRrNp0WihcmZi7Mpl/3jHjiWECAwEAAQJABNOHYnKhtDIqFYj1OAJ3
k3GlU0OlERmIOoeY/cL2V4lgwllPBEs7r134AY4wMmZSBUj8UR/O4SNO668ElKPE
cQIhAOuqY7/115x5KCdGDMWi+jNaMxIvI4ETGwV40ykGzqlzAiEA0P9oEC3m9tHB
kbpjSTxaNkrXxDgdEOZz8X0uOUUwHNsCIAwzcSCiGLyYJTULUmP1ESERfW1mlV78
XzzESaJpIM/zAiBQkSTcl9VhcJreQqvjn5BnPZLP4ZHS4gPwJAGdsj5J4QIhAOVR
B3WlRNTXR2WsJ5JdByezg9xzdXzULqmga0OE339a`,
	},
	{
		kind:     PEMCipherAES192,
		password: []byte("asdf"),
		pemData: []byte(`
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-192-CBC,E2C9FB02BCA23ADE1829F8D8BC5F5369

cqVslvHqDDM6qwU6YjezCRifXmKsrgEev7ng6Qs7UmDJOpHDgJQZI9fwMFUhIyn5
FbCu1SHkLMW52Ld3CuEqMnzWMlhPrW8tFvUOrMWPYSisv7nNq88HobZEJcUNL2MM
Y15XmHW6IJwPqhKyLHpWXyOCVEh4ODND2nV15PCoi18oTa475baxSk7+1qH7GuIs
Rb7tshNTMqHbCpyo9Rn3UxeFIf9efdl8YLiMoIqc7J8E5e9VlbeQSdLMQOgDAQJG
ReUtTw8exmKsY4gsSjhkg5uiw7/ZB1Ihto0qnfQJgjGc680qGkT1d6JfvOfeYAk6
xn5RqS/h8rYAYm64KnepfC9vIujo4NqpaREDmaLdX5MJPQ+SlytITQvgUsUq3q/t
Ss85xjQEZH3hzwjQqdJvmA4hYP6SUjxYpBM+02xZ1Xw=
-----END RSA PRIVATE KEY-----`),
		plainDER: `
MIIBOwIBAAJBAMGcRrZiNNmtF20zyS6MQ7pdGx17aFDl+lTl+qnLuJRUCMUG05xs
OmxmL/O1Qlf+bnqR8Bgg65SfKg21SYuLhiMCAwEAAQJBAL94uuHyO4wux2VC+qpj
IzPykjdU7XRcDHbbvksf4xokSeUFjjD3PB0Qa83M94y89ZfdILIqS9x5EgSB4/lX
qNkCIQD6cCIqLfzq/lYbZbQgAAjpBXeQVYsbvVtJrPrXJAlVVQIhAMXpDKMeFPMn
J0g2rbx1gngx0qOa5r5iMU5w/noN4W2XAiBjf+WzCG5yFvazD+dOx3TC0A8+4x3P
uZ3pWbaXf5PNuQIgAcdXarvhelH2w2piY1g3BPeFqhzBSCK/yLGxR82KIh8CIQDD
+qGKsd09NhQ/G27y/DARzOYtml1NvdmCQAgsDIIOLA==`,
	},
	{
		kind:     PEMCipherAES256,
		password: []byte("asdf"),
		pemData: []byte(`
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,8E7ED5CD731902CE938957A886A5FFBD

4Mxr+KIzRVwoOP0wwq6caSkvW0iS+GE2h2Ov/u+n9ZTMwL83PRnmjfjzBgfRZLVf
JFPXxUK26kMNpIdssNnqGOds+DhB+oSrsNKoxgxSl5OBoYv9eJTVYm7qOyAFIsjr
DRKAcjYCmzfesr7PVTowwy0RtHmYwyXMGDlAzzZrEvaiySFFmMyKKvtoavwaFoc7
Pz3RZScwIuubzTGJ1x8EzdffYOsdCa9Mtgpp3L136+23dOd6L/qK2EG2fzrJSHs/
2XugkleBFSMKzEp9mxXKRfa++uidQvMZTFLDK9w5YjrRvMBo/l2BoZIsq0jAIE1N
sv5Z/KwlX+3MDEpPQpUwGPlGGdLnjI3UZ+cjgqBcoMiNc6HfgbBgYJSU6aDSHuCk
clCwByxWkBNgJ2GrkwNrF26v+bGJJJNR4SKouY1jQf0=
-----END RSA PRIVATE KEY-----`),
		plainDER: `
MIIBOgIBAAJBAKy3GFkstoCHIEeUU/qO8207m8WSrjksR+p9B4tf1w5k+2O1V/GY
AQ5WFCApItcOkQe/I0yZZJk/PmCqMzSxrc8CAwEAAQJAOCAz0F7AW9oNelVQSP8F
Sfzx7O1yom+qWyAQQJF/gFR11gpf9xpVnnyu1WxIRnDUh1LZwUsjwlDYb7MB74id
oQIhANPcOiLwOPT4sIUpRM5HG6BF1BI7L77VpyGVk8xNP7X/AiEA0LMHZtk4I+lJ
nClgYp4Yh2JZ1Znbu7IoQMCEJCjwKDECIGd8Dzm5tViTkUW6Hs3Tlf73nNs65duF
aRnSglss8I3pAiEAonEnKruawgD8RavDFR+fUgmQiPz4FnGGeVgfwpGG1JECIBYq
PXHYtPqxQIbD2pScR5qum7iGUh11lEUPkmt+2uqS`,
	},
	{
		// generated with:
		// openssl genrsa -aes128 -passout pass:asdf -out server.orig.key 128
		//
		// The command requests a 128-bit RSA key, and the encrypted payload
		// here is visibly shorter than in the entries above. It is a second
		// AES-128 case alongside the earlier one.
		kind:     PEMCipherAES128,
		password: []byte("asdf"),
		pemData: []byte(`
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,74611ABC2571AF11B1BF9B69E62C89E7

6ei/MlytjE0FFgZOGQ+jrwomKfpl8kdefeE0NSt/DMRrw8OacHAzBNi3pPEa0eX3
eND9l7C9meCirWovjj9QWVHrXyugFuDIqgdhQ8iHTgCfF3lrmcttVrbIfMDw+smD
hTP8O1mS/MHl92NE0nhv0w==
-----END RSA PRIVATE KEY-----`),
		plainDER: `
MGMCAQACEQC6ssxmYuauuHGOCDAI54RdAgMBAAECEQCWIn6Yv2O+kBcDF7STctKB
AgkA8SEfu/2i3g0CCQDGNlXbBHX7kQIIK3Ww5o0cYbECCQDCimPb0dYGsQIIeQ7A
jryIst8=`,
	},
}