Source file
src/crypto/rsa/rsa_test.go
1
2
3
4
5 package rsa_test
6
7 import (
8 "bufio"
9 "bytes"
10 "crypto"
11 "crypto/internal/boring"
12 "crypto/internal/cryptotest"
13 "crypto/internal/fips140"
14 "crypto/rand"
15 . "crypto/rsa"
16 "crypto/sha1"
17 "crypto/sha256"
18 "crypto/sha512"
19 "crypto/x509"
20 "encoding/hex"
21 "encoding/pem"
22 "flag"
23 "fmt"
24 "io"
25 "math/big"
26 "os"
27 "slices"
28 "strings"
29 "testing"
30 )
31
32 func TestKeyGeneration(t *testing.T) {
33 sizes := []int{128, 512, 1024, 2048, 3072, 4096}
34 if testing.Short() {
35 sizes = sizes[:2]
36 }
37 for _, size := range sizes {
38 t.Run(fmt.Sprintf("%d", size), func(t *testing.T) {
39 if size < 1024 {
40 _, err := GenerateKey(rand.Reader, size)
41 if err == nil {
42 t.Errorf("GenerateKey(%d) succeeded without GODEBUG", size)
43 }
44 t.Setenv("GODEBUG", "rsa1024min=0")
45 }
46 priv, err := GenerateKey(rand.Reader, size)
47 if err != nil {
48 t.Errorf("GenerateKey(%d): %v", size, err)
49 }
50 if bits := priv.N.BitLen(); bits != size {
51 t.Errorf("key too short (%d vs %d)", bits, size)
52 }
53 testKeyBasics(t, priv)
54 })
55 }
56 }
57
58 func Test3PrimeKeyGeneration(t *testing.T) {
59 size := 1024
60 if testing.Short() {
61 t.Setenv("GODEBUG", "rsa1024min=0")
62 size = 256
63 }
64
65 priv, err := GenerateMultiPrimeKey(rand.Reader, 3, size)
66 if err != nil {
67 t.Errorf("failed to generate key")
68 }
69 testKeyBasics(t, priv)
70 }
71
72 func Test4PrimeKeyGeneration(t *testing.T) {
73 size := 1024
74 if testing.Short() {
75 t.Setenv("GODEBUG", "rsa1024min=0")
76 size = 256
77 }
78
79 priv, err := GenerateMultiPrimeKey(rand.Reader, 4, size)
80 if err != nil {
81 t.Errorf("failed to generate key")
82 }
83 testKeyBasics(t, priv)
84 }
85
86 func TestNPrimeKeyGeneration(t *testing.T) {
87 t.Setenv("GODEBUG", "rsa1024min=0")
88 primeSize := 64
89 maxN := 24
90 if testing.Short() {
91 primeSize = 16
92 maxN = 16
93 }
94
95 for n := 5; n < maxN; n++ {
96 priv, err := GenerateMultiPrimeKey(rand.Reader, n, 64+n*primeSize)
97 if err == nil {
98 testKeyBasics(t, priv)
99 } else {
100 t.Errorf("failed to generate %d-prime key", n)
101 }
102 }
103 }
104
105 func TestImpossibleKeyGeneration(t *testing.T) {
106
107
108 t.Setenv("GODEBUG", "rsa1024min=0")
109 for i := 0; i < 32; i++ {
110 GenerateKey(rand.Reader, i)
111 GenerateMultiPrimeKey(rand.Reader, 3, i)
112 GenerateMultiPrimeKey(rand.Reader, 4, i)
113 GenerateMultiPrimeKey(rand.Reader, 5, i)
114 }
115 }
116
117 func TestTinyKeyGeneration(t *testing.T) {
118
119 if testing.Short() {
120 t.Skip("skipping in short mode")
121 }
122 t.Setenv("GODEBUG", "rsa1024min=0")
123 for range 10000 {
124 k, err := GenerateKey(rand.Reader, 32)
125 if err != nil {
126 t.Fatalf("GenerateKey(32): %v", err)
127 }
128 if err := k.Validate(); err != nil {
129 t.Fatalf("Validate(32): %v", err)
130 }
131 }
132 }
133
134 func TestGnuTLSKey(t *testing.T) {
135 t.Setenv("GODEBUG", "rsa1024min=0")
136
137
138
139 priv := parseKey(testingKey(`-----BEGIN RSA TESTING KEY-----
140 MGECAQACEQDar8EuoZuSosYtE9SeXSyPAgMBAAECEBf7XDET8e6jjTcfO7y/sykC
141 CQDozXjCjkBzLQIJAPB6MqNbZaQrAghbZTdQoko5LQIIUp9ZiKDdYjMCCCCpqzmX
142 d8Y7
143 -----END RSA TESTING KEY-----`))
144 testKeyBasics(t, priv)
145 }
146
147 func testKeyBasics(t *testing.T, priv *PrivateKey) {
148 defer func() {
149 if t.Failed() {
150 t.Logf("failed key: %#v", priv)
151 }
152 }()
153
154 if err := priv.Validate(); err != nil {
155 t.Errorf("Validate() failed: %s", err)
156 }
157 if priv.D.Cmp(priv.N) > 0 {
158 t.Errorf("private exponent too large")
159 }
160
161 msg := []byte("hi!")
162 enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg)
163 if err != nil {
164 t.Errorf("EncryptPKCS1v15: %v", err)
165 return
166 }
167
168 dec, err := DecryptPKCS1v15(nil, priv, enc)
169 if err != nil {
170 t.Errorf("DecryptPKCS1v15: %v", err)
171 return
172 }
173 if !bytes.Equal(dec, msg) {
174 t.Errorf("got:%x want:%x (%+v)", dec, msg, priv)
175 }
176 }
177
178 func TestAllocations(t *testing.T) {
179 cryptotest.SkipTestAllocations(t)
180
181 m := []byte("Hello Gophers")
182 c, err := EncryptPKCS1v15(rand.Reader, &test2048Key.PublicKey, m)
183 if err != nil {
184 t.Fatal(err)
185 }
186
187 if allocs := testing.AllocsPerRun(100, func() {
188 p, err := DecryptPKCS1v15(nil, test2048Key, c)
189 if err != nil {
190 t.Fatal(err)
191 }
192 if !bytes.Equal(p, m) {
193 t.Fatalf("unexpected output: %q", p)
194 }
195 }); allocs > 10 {
196 t.Errorf("expected less than 10 allocations, got %0.1f", allocs)
197 }
198 }
199
200 var allFlag = flag.Bool("all", false, "test all key sizes up to 2048")
201
202 func TestEverything(t *testing.T) {
203 if testing.Short() {
204
205 for _, key := range []*PrivateKey{test1024Key, test2048Key} {
206 t.Run(fmt.Sprintf("%d", key.N.BitLen()), func(t *testing.T) {
207 t.Parallel()
208 testEverything(t, key)
209 })
210 }
211 return
212 }
213
214 t.Setenv("GODEBUG", "rsa1024min=0")
215 min := 32
216 max := 560
217 if *allFlag {
218 max = 2048
219 }
220 for size := min; size <= max; size++ {
221 t.Run(fmt.Sprintf("%d", size), func(t *testing.T) {
222 t.Parallel()
223 priv, err := GenerateKey(rand.Reader, size)
224 if err != nil {
225 t.Fatalf("GenerateKey(%d): %v", size, err)
226 }
227 if bits := priv.N.BitLen(); bits != size {
228 t.Errorf("key too short (%d vs %d)", bits, size)
229 }
230 testEverything(t, priv)
231 })
232 }
233 }
234
235 func testEverything(t *testing.T, priv *PrivateKey) {
236 validateErr := priv.Validate()
237 if validateErr != nil && len(priv.Primes) >= 2 {
238 t.Errorf("Validate() failed: %s", validateErr)
239 }
240
241 msg := []byte("test")
242 enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg)
243 if err == ErrMessageTooLong {
244 t.Log("key too small for EncryptPKCS1v15")
245 } else if err != nil {
246 t.Errorf("EncryptPKCS1v15: %v", err)
247 }
248 if err == nil {
249 dec, err := DecryptPKCS1v15(nil, priv, enc)
250 if err != nil {
251 t.Errorf("DecryptPKCS1v15: %v", err)
252 }
253 err = DecryptPKCS1v15SessionKey(nil, priv, enc, make([]byte, 4))
254 if err != nil {
255 t.Errorf("DecryptPKCS1v15SessionKey: %v", err)
256 }
257 if !bytes.Equal(dec, msg) {
258 t.Errorf("got:%x want:%x (%+v)", dec, msg, priv)
259 }
260 }
261
262 label := []byte("label")
263 enc, err = EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, msg, label)
264 if err == ErrMessageTooLong {
265 t.Log("key too small for EncryptOAEP")
266 } else if err != nil {
267 t.Errorf("EncryptOAEP: %v", err)
268 }
269 if err == nil {
270 dec, err := DecryptOAEP(sha256.New(), nil, priv, enc, label)
271 if err != nil {
272 t.Errorf("DecryptOAEP: %v", err)
273 }
274 if !bytes.Equal(dec, msg) {
275 t.Errorf("got:%x want:%x (%+v)", dec, msg, priv)
276 }
277 }
278
279 const hashMsg = "crypto/rsa: input must be hashed message"
280 sig, err := SignPKCS1v15(nil, priv, crypto.SHA256, msg)
281 if err == nil || err.Error() != hashMsg {
282 t.Errorf("SignPKCS1v15 with bad hash: err = %q, want %q", err, hashMsg)
283 }
284
285 hash := sha256.Sum256(msg)
286 sig, err = SignPKCS1v15(nil, priv, crypto.SHA256, hash[:])
287 if err == ErrMessageTooLong {
288 t.Log("key too small for SignPKCS1v15")
289 } else if err != nil {
290 t.Errorf("SignPKCS1v15: %v", err)
291 }
292 if err == nil {
293 err = VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, hash[:], sig)
294 if err != nil {
295 t.Errorf("VerifyPKCS1v15: %v", err)
296 }
297 sig[1] ^= 0x80
298 err = VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, hash[:], sig)
299 if err == nil {
300 t.Errorf("VerifyPKCS1v15 success for tampered signature")
301 }
302 sig[1] ^= 0x80
303 hash[1] ^= 0x80
304 err = VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, hash[:], sig)
305 if err == nil {
306 t.Errorf("VerifyPKCS1v15 success for tampered message")
307 }
308 hash[1] ^= 0x80
309 }
310
311 opts := &PSSOptions{SaltLength: PSSSaltLengthAuto}
312 sig, err = SignPSS(rand.Reader, priv, crypto.SHA256, hash[:], opts)
313 if err == ErrMessageTooLong {
314 t.Log("key too small for SignPSS with PSSSaltLengthAuto")
315 } else if err != nil {
316 t.Errorf("SignPSS: %v", err)
317 }
318 if err == nil {
319 err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], sig, opts)
320 if err != nil {
321 t.Errorf("VerifyPSS: %v", err)
322 }
323 sig[1] ^= 0x80
324 err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], sig, opts)
325 if err == nil {
326 t.Errorf("VerifyPSS success for tampered signature")
327 }
328 sig[1] ^= 0x80
329 hash[1] ^= 0x80
330 err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], sig, opts)
331 if err == nil {
332 t.Errorf("VerifyPSS success for tampered message")
333 }
334 hash[1] ^= 0x80
335 }
336
337 opts.SaltLength = PSSSaltLengthEqualsHash
338 sig, err = SignPSS(rand.Reader, priv, crypto.SHA256, hash[:], opts)
339 if err == ErrMessageTooLong {
340 t.Log("key too small for SignPSS with PSSSaltLengthEqualsHash")
341 } else if err != nil {
342 t.Errorf("SignPSS: %v", err)
343 }
344 if err == nil {
345 err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], sig, opts)
346 if err != nil {
347 t.Errorf("VerifyPSS: %v", err)
348 }
349 sig[1] ^= 0x80
350 err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], sig, opts)
351 if err == nil {
352 t.Errorf("VerifyPSS success for tampered signature")
353 }
354 sig[1] ^= 0x80
355 hash[1] ^= 0x80
356 err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], sig, opts)
357 if err == nil {
358 t.Errorf("VerifyPSS success for tampered message")
359 }
360 hash[1] ^= 0x80
361 }
362
363
364
365 c := bytes.Repeat([]byte{0xff}, priv.Size())
366 err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], c, opts)
367 if err == nil {
368 t.Errorf("VerifyPSS accepted a large signature")
369 }
370 _, err = DecryptPKCS1v15(nil, priv, c)
371 if err == nil {
372 t.Errorf("DecryptPKCS1v15 accepted a large ciphertext")
373 }
374 c = append(c, 0xff)
375 err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], c, opts)
376 if err == nil {
377 t.Errorf("VerifyPSS accepted a long signature")
378 }
379 _, err = DecryptPKCS1v15(nil, priv, c)
380 if err == nil {
381 t.Errorf("DecryptPKCS1v15 accepted a long ciphertext")
382 }
383
384 if validateErr == nil {
385 der, err := x509.MarshalPKCS8PrivateKey(priv)
386 if err != nil {
387 t.Errorf("MarshalPKCS8PrivateKey: %v", err)
388 }
389 key, err := x509.ParsePKCS8PrivateKey(der)
390 if err != nil {
391 t.Errorf("ParsePKCS8PrivateKey: %v", err)
392 }
393 if !key.(*PrivateKey).Equal(priv) {
394 t.Errorf("private key mismatch")
395 }
396 }
397
398 der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
399 if err != nil {
400 t.Errorf("MarshalPKIXPublicKey: %v", err)
401 }
402 pub, err := x509.ParsePKIXPublicKey(der)
403 if err != nil {
404 t.Errorf("ParsePKIXPublicKey: %v", err)
405 }
406 if !pub.(*PublicKey).Equal(&priv.PublicKey) {
407 t.Errorf("public key mismatch")
408 }
409 }
410
411 func TestKeyTooSmall(t *testing.T) {
412 checkErr := func(err error) {
413 t.Helper()
414 if err == nil {
415 t.Error("expected error")
416 }
417 if !strings.Contains(err.Error(), "insecure") {
418 t.Errorf("unexpected error: %v", err)
419 }
420 }
421 checkErr2 := func(_ []byte, err error) {
422 t.Helper()
423 checkErr(err)
424 }
425
426 buf := make([]byte, 512/8)
427 checkErr2(test512Key.Sign(rand.Reader, buf, crypto.SHA512))
428 checkErr2(test512Key.Sign(rand.Reader, buf, &PSSOptions{SaltLength: PSSSaltLengthEqualsHash}))
429 checkErr2(test512Key.Decrypt(rand.Reader, buf, &PKCS1v15DecryptOptions{}))
430 checkErr2(test512Key.Decrypt(rand.Reader, buf, &OAEPOptions{Hash: crypto.SHA512}))
431 checkErr(VerifyPKCS1v15(&test512Key.PublicKey, crypto.SHA512, buf, buf))
432 checkErr(VerifyPSS(&test512Key.PublicKey, crypto.SHA512, buf, buf, &PSSOptions{SaltLength: PSSSaltLengthEqualsHash}))
433 checkErr2(SignPKCS1v15(rand.Reader, test512Key, crypto.SHA512, buf))
434 checkErr2(SignPSS(rand.Reader, test512Key, crypto.SHA512, buf, &PSSOptions{SaltLength: PSSSaltLengthEqualsHash}))
435 checkErr2(EncryptPKCS1v15(rand.Reader, &test512Key.PublicKey, buf))
436 checkErr2(EncryptOAEP(sha512.New(), rand.Reader, &test512Key.PublicKey, buf, nil))
437 checkErr2(DecryptPKCS1v15(nil, test512Key, buf))
438 checkErr2(DecryptOAEP(sha512.New(), nil, test512Key, buf, nil))
439 checkErr(DecryptPKCS1v15SessionKey(nil, test512Key, buf, buf))
440 }
441
442 func testingKey(s string) string { return strings.ReplaceAll(s, "TESTING KEY", "PRIVATE KEY") }
443
444 func parseKey(s string) *PrivateKey {
445 p, _ := pem.Decode([]byte(s))
446 if p.Type == "PRIVATE KEY" {
447 k, err := x509.ParsePKCS8PrivateKey(p.Bytes)
448 if err != nil {
449 panic(err)
450 }
451 return k.(*PrivateKey)
452 }
453 k, err := x509.ParsePKCS1PrivateKey(p.Bytes)
454 if err != nil {
455 panic(err)
456 }
457 return k
458 }
459
460 var rsaPrivateKey = test1024Key
461
462 var test512Key = parseKey(testingKey(`-----BEGIN RSA TESTING KEY-----
463 MIIBOgIBAAJBALKZD0nEffqM1ACuak0bijtqE2QrI/KLADv7l3kK3ppMyCuLKoF0
464 fd7Ai2KW5ToIwzFofvJcS/STa6HA5gQenRUCAwEAAQJBAIq9amn00aS0h/CrjXqu
465 /ThglAXJmZhOMPVn4eiu7/ROixi9sex436MaVeMqSNf7Ex9a8fRNfWss7Sqd9eWu
466 RTUCIQDasvGASLqmjeffBNLTXV2A5g4t+kLVCpsEIZAycV5GswIhANEPLmax0ME/
467 EO+ZJ79TJKN5yiGBRsv5yvx5UiHxajEXAiAhAol5N4EUyq6I9w1rYdhPMGpLfk7A
468 IU2snfRJ6Nq2CQIgFrPsWRCkV+gOYcajD17rEqmuLrdIRexpg8N1DOSXoJ8CIGlS
469 tAboUGBxTDq3ZroNism3DaMIbKPyYrAqhKov1h5V
470 -----END RSA TESTING KEY-----`))
471
472 var test512KeyTwo = parseKey(testingKey(`-----BEGIN TESTING KEY-----
473 MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEA0wLCoguSfgskR8tY
474 Fh2AzXQzBpSEmPucxtVe93HzPdQpxvtSTvZe5kIsdvPc7QZ0dCc/qbnUBRbuGIAl
475 Ir0c9QIDAQABAkAzul+AXhnhcFXKi9ziPwVOWIgRuuLupe//BluriXG53BEBSVrV
476 Hr7qFqwnSLSLroMzqhZwoqyRgjsLYyGEHDGBAiEA8T0sDPuht3w2Qv61IAvBwjLH
477 H4HXjRUEWYRn1XjHqAUCIQDf7BYlANRqFfvg1YK3VCM4YyK2mH1UivDi8wdPlJRk
478 MQIhAMp5i2WCNeNpD6n/WkqBU6kJMXPSaPZy82mm5feYHgt5AiEAkg/QnhB9fjma
479 1BzRqD4Uv0pDMXIkhooe+Rrn0OwtI3ECIQDP6nxML3JOjbAS7ydFBv176uVsMJib
480 r4PZozCXKuuGNg==
481 -----END PRIVATE KEY-----`))
482
483 var test1024Key = parseKey(testingKey(`-----BEGIN RSA TESTING KEY-----
484 MIICXQIBAAKBgQCw0YNSqI9T1VFvRsIOejZ9feiKz1SgGfbe9Xq5tEzt2yJCsbyg
485 +xtcuCswNhdqY5A1ZN7G60HbL4/Hh/TlLhFJ4zNHVylz9mDDx3yp4IIcK2lb566d
486 fTD0B5EQ9Iqub4twLUdLKQCBfyhmJJvsEqKxm4J4QWgI+Brh/Pm3d4piPwIDAQAB
487 AoGASC6fj6TkLfMNdYHLQqG9kOlPfys4fstarpZD7X+fUBJ/H/7y5DzeZLGCYAIU
488 +QeAHWv6TfZIQjReW7Qy00RFJdgwFlTFRCsKXhG5x+IB+jL0Grr08KbgPPDgy4Jm
489 xirRHZVtU8lGbkiZX+omDIU28EHLNWL6rFEcTWao/tERspECQQDp2G5Nw0qYWn7H
490 Wm9Up1zkUTnkUkCzhqtxHbeRvNmHGKE7ryGMJEk2RmgHVstQpsvuFY4lIUSZEjAc
491 DUFJERhFAkEAwZH6O1ULORp8sHKDdidyleYcZU8L7y9Y3OXJYqELfddfBgFUZeVQ
492 duRmJj7ryu0g0uurOTE+i8VnMg/ostxiswJBAOc64Dd8uLJWKa6uug+XPr91oi0n
493 OFtM+xHrNK2jc+WmcSg3UJDnAI3uqMc5B+pERLq0Dc6hStehqHjUko3RnZECQEGZ
494 eRYWciE+Cre5dzfZkomeXE0xBrhecV0bOq6EKWLSVE+yr6mAl05ThRK9DCfPSOpy
495 F6rgN3QiyCA9J/1FluUCQQC5nX+PTU1FXx+6Ri2ZCi6EjEKMHr7gHcABhMinZYOt
496 N59pra9UdVQw9jxCU9G7eMyb0jJkNACAuEwakX3gi27b
497 -----END RSA TESTING KEY-----`))
498
499 var test2048KeyPEM = testingKey(`-----BEGIN TESTING KEY-----
500 MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDNoyFUYeDuqw+k
501 iyv47iBy/udbWmQdpbUZ8JobHv8uQrvL7sQN6l83teHgNJsXqtiLF3MC+K+XI6Dq
502 hxUWfQwLip8WEnv7Jx/+53S8yp/CS4Jw86Q1bQHbZjFDpcoqSuwAxlegw18HNZCY
503 fpipYnA1lYCm+MTjtgXJQbjA0dwUGCf4BDMqt+76Jk3XZF5975rftbkGoT9eu8Jt
504 Xs5F5Xkwd8q3fkQz+fpLW4u9jrfFyQ61RRFkYrCjlhtGjYIzBHGgQM4n/sNXhiy5
505 h0tA7Xa6NyYrN/OXe/Y1K8Rz/tzlvbMoxgZgtBuKo1N3m8ckFi7hUVK2eNv7GoAb
506 teTTPrg/AgMBAAECggEAAnfsVpmsL3R0Bh4gXRpPeM63H6e1a8B8kyVwiO9o0cXX
507 gKp9+P39izfB0Kt6lyCj/Wg+wOQT7rg5qy1yIw7fBHGmcjquxh3uN0s3YZ+Vcym6
508 SAY5f0vh/OyJN9r3Uv8+Pc4jtb7So7QDzdWeZurssBmUB0avAMRdGNFGP5SyILcz
509 l3Q59hTxQ4czRHKjZ06L1/sA+tFVbO1j39FN8nMOU/ovLF4lAmZTkQ6AP6n6XPHP
510 B8Nq7jSYz6RDO200jzp6UsdrnjjkJRbzOxN/fn+ckCP+WYuq+y/d05ET9PdVa4qI
511 Jyr80D9QgHmfztcecvYwoskGnkb2F4Tmp0WnAj/xVQKBgQD4TrMLyyHdbAr5hoSi
512 p+r7qBQxnHxPe2FKO7aqagi4iPEHauEDgwPIcsOYota1ACiSs3BaESdJAClbqPYd
513 HDI4c2DZ6opux6WYkSju+tVXYW6qarR3fzrP3fUCdz2c2NfruWOqq8YmjzAhTNPm
514 YzvtzTdwheNYV0Vi71t1SfZmfQKBgQDUAgSUcrgXdGDnSbaNe6KwjY5oZWOQfZe2
515 DUhqfN/JRFZj+EMfIIh6OQXnZqkp0FeRdfRAFl8Yz8ESHEs4j+TikLJEeOdfmYLS
516 TWxlMPDTUGbUvSf4g358NJ8TlfYA7dYpSTNPXMRSLtsz1palmaDBTE/V2xKtTH6p
517 VglRNRUKawKBgCPqBh2TkN9czC2RFkgMb4FcqycN0jEQ0F6TSnVVhtNiAzKmc8s1
518 POvWJZJDIzjkv/mP+JUeXAdD/bdjNc26EU126rA6KzGgsMPjYv9FymusDPybGGUc
519 Qt5j5RcpNgEkn/5ZPyAlXjCfjz+RxChTfAyGHRmqU9qoLMIFir3pJ7llAoGBAMNH
520 sIxENwlzqyafoUUlEq/pU7kZWuJmrO2FwqRDraYoCiM/NCRhxRQ/ng6NY1gejepw
521 abD2alXiV4alBSxubne6rFmhvA00y2mG40c6Ezmxn2ZpbX3dMQ6bMcPKp7QnXtLc
522 mCSL4FGK02ImUNDsd0RVVFw51DRId4rmsuJYMK9NAoGAKlYdc4784ixTD2ZICIOC
523 ZWPxPAyQUEA7EkuUhAX1bVNG6UJTYA8kmGcUCG4jPTgWzi00IyUUr8jK7efyU/zs
524 qiJuVs1bia+flYIQpysMl1VzZh8gW1nkB4SVPm5l2wBvVJDIr9Mc6rueC/oVNkh2
525 fLVGuFoTVIu2bF0cWAjNNMg=
526 -----END TESTING KEY-----`)
527
528 var test2048Key = parseKey(test2048KeyPEM)
529
530 var test2048KeyOnlyD = &PrivateKey{
531 PublicKey: test2048Key.PublicKey,
532 D: test2048Key.D,
533 }
534
535 var test2048KeyWithoutPrecomputed = &PrivateKey{
536 PublicKey: test2048Key.PublicKey,
537 D: test2048Key.D,
538 Primes: test2048Key.Primes,
539 }
540
541
542
543 var test2048KeyWithPrecomputed = &PrivateKey{
544 PublicKey: test2048Key.PublicKey,
545 D: test2048Key.D,
546 Primes: test2048Key.Primes,
547 Precomputed: PrecomputedValues{
548 Dp: test2048Key.Precomputed.Dp,
549 Dq: test2048Key.Precomputed.Dq,
550 Qinv: test2048Key.Precomputed.Qinv,
551 },
552 }
553
554 var test3072Key = parseKey(testingKey(`-----BEGIN TESTING KEY-----
555 MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDJrvevql7G07LM
556 xQAwAA1Oo8qUAkWfmpgrpxIUZE1QTyMCDaspQJGBBR2+iStrzi2NnWvyBz3jJWFZ
557 LepnsMUFSXj5Ez6bEt2x9YbLAAVGhI6USrGAKqRdJ77+F7yIVCJWcV4vtTyN86IO
558 UaHObwCR8GX7MUwJiRxDUZtYxJcwTMHSs4OWxNnqc+A8yRKn85CsCx0X9I1DULq+
559 5BL8gF3MUXvb2zYzIOGI1s3lXOo9tHVcRVB1eV7dZHDyYGxZ4Exj9eKhiOL52hE6
560 ZPTWCCKbQnyBV3HYe+t8DscOG/IzaAzLrx1s6xnqKEe5lUQ03Ty9QN3tpqqLsC4b
561 CUkdk6Ma43KXGkCmoPaGCkssSc9qOrwHrqoMkOnZDWOJ5mKHhINKWV/U7p54T7tx
562 FWI3PFvvYevoPf7cQdJcChbIBvQ+LEuVZvmljhONUjIGKBaqBz5Sjv7Fd5BNnBGz
563 8NwH6tYdT9kdTkCZdfrazbuhLxN0mhhXp2sePRV2KZsB7i7cUJMCAwEAAQKCAYAT
564 fqunbxmehhu237tUaHTg1e6WHvVu54kaUxm+ydvlTY5N5ldV801Sl4AtXjdJwjy0
565 qcj430qpTarawsLxMezhcB2BlKLNEjucC5EeHIrmAEMt7LMP90868prAweJHRTv/
566 zLvfcwPURClf0Uk0L0Dyr7Y+hnXZ8scTb2x2M06FQdjMY+4Yy+oKgm05mEVgNv1p
567 e+DcjhbSMRf+rVoeeSQCmhprATCnLDWmE1QEqIC7OoR2SPxC1rAHnhatfwo00nwz
568 rciN5YSOqoGa1WMNv6ut0HJWZnu5nR1OuZpaf+zrxlthMxPwhhPq0211J4fZviTO
569 WLnubXD3/G9TN1TszeFuO7Ty8HYYkTJ3RLRrTRrfwhOtOJ4tkuwSJol3QIs1asab
570 wYabuqyTv4+6JeoMBSLnMoA8rXSW9ti4gvJ1h8xMqmMF6e91Z0Fn7fvP5MCn/t8H
571 8cIPhYLOhdPH5JMqxozb/a1s+JKvRTLnAXxNjlmyXzNvC+3Ixp4q9O8dWJ8Gt+EC
572 gcEA+12m6iMXU3tBw1cYDcs/Jc0hOVgMAMgtnWZ4+p8RSucO/74bq82kdyAOJxao
573 spAcK03NnpRBDcYsSyuQrE6AXQYel1Gj98mMtOirwt2T9vH5fHT6oKsqEu03hYIB
574 5cggeie4wqKAOb9tVdShJk7YBJUgIXnAcqqmkD4oeUGzUV0QseQtspEHUJSqBQ9n
575 yR4DmyMECgLm47S9LwPMtgRh9ADLBaZeuIRdBEKCDPgNkdya/dLb8u8kE8Ox3T3R
576 +r2hAoHBAM1m1ZNqP9bEa74jZkpMxDN+vUdN7rZcxcpHu1nyii8OzXEopB+jByFA
577 lmMqnKt8z5DRD0dmHXzOggnKJGO2j63/XFaVmsaXcM2B8wlRCqwm4mBE/bYCEKJl
578 xqkDveICzwb1paWSgmFkjc6DN2g1jUd3ptOORuU38onrSphPHFxgyNlNTcOcXvxb
579 GW4R8iPinvpkY3shluWqRQTvai1+gNQlmKMdqXvreUjKqJFCOhoRUVG/MDv8IdP2
580 tXq43+UZswKBwQDSErOzi74r25/bVAdbR9gvjF7O4OGvKZzNpd1HfvbhxXcIjuXr
581 UEK5+AU777ju+ndATZahiD9R9qP/8pnHFxg6JiocxnMlW8EHVEhv4+SMBjA+Ljlj
582 W4kfJjc3ka5qTjWuQVIs/8fv+yayC7DeJhhsxACFWY5Xhn0LoZcLt7fYMNIKCauT
583 R5d4ZbYt4nEXaMkUt0/h2gkCloNhLmjAWatPU/ZYc3FH/f8K11Z+5jPZCihSJw4A
584 2pEpH2yffNHnHuECgcEAmxIWEHNYuwYT6brEETgfsFjxAZI+tIMZ+HtrYJ8R4DEm
585 vVXXguMMEPi4ESosmfNiqYyMInVfscgeuNFZ48YCd3Sg++V6so/G5ABFwjTi/9Fj
586 exbbDLxGXrTD5PokMyu3rSNr6bLQqELIJK8/93bmsJwO4Q07TPaOL73p1U90s/GF
587 8TjBivrVY2RLsKPv0VPYfmWoDV/wkneYH/+4g5xMGt4/fHZ6bEn8iQ4ncXM0dlW4
588 tSTIf6D80RAjNwG4VzitAoHAA8GLh22w+Cx8RPsj6xdrUiVFE+nNMMgeY8Mdjsrq
589 Fh4jJb+4zwSML9R6iJu/LH5B7Fre2Te8QrYP+k/jIHPYJtGesVt/WlAtpDCNsC3j
590 8CBzxwL6zkN+46pph35jPKUSaQQ2r8euNMp/sirkYcP8PpbdtifXCjN08QQIKsqj
591 17IGHe9jZX/EVnSshCkXOBHG31buV10k5GSkeKcoDrkpp25wQ6FjW9L3Q68y6Y8r
592 8h02sdAMB9Yc2A4EgzOySWoD
593 -----END TESTING KEY-----`))
594
595 var test4096Key = parseKey(testingKey(`-----BEGIN TESTING KEY-----
596 MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCmH55T2e8fdUaL
597 iWVL2yI7d/wOu/sxI4nVGoiRMiSMlMZlOEZ4oJY6l2y9N/b8ftwoIpjYO8CBk5au
598 x2Odgpuz+FJyHppvKakUIeAn4940zoNkRe/iptybIuH5tCBygjs0y1617TlR/c5+
599 FF5YRkzsEJrGcLqXzj0hDyrwdplBOv1xz2oHYlvKWWcVMR/qgwoRuj65Ef262t/Q
600 ELH3+fFLzIIstFTk2co2WaALquOsOB6xGOJSAAr8cIAWe+3MqWM8DOcgBuhABA42
601 9IhbBBw0uqTXUv/TGi6tcF29H2buSxAx/Wm6h2PstLd6IJAbWHAa6oTz87H0S6XZ
602 v42cYoFhHma1OJw4id1oOZMFDTPDbHxgUnr2puSU+Fpxrj9+FWwViKE4j0YatbG9
603 cNVpx9xo4NdvOkejWUrqziRorMZTk/zWKz0AkGQzTN3PrX0yy61BoWfznH/NXZ+o
604 j3PqVtkUs6schoIYvrUcdhTCrlLwGSHhU1VKNGAUlLbNrIYTQNgt2gqvjLEsn4/i
605 PgS1IsuDHIc7nGjzvKcuR0UeYCDkmBQqKrdhGbdJ1BRohzLdm+woRpjrqmUCbMa5
606 VWWldJen0YyAlxNILvXMD117azeduseM1sZeGA9L8MmE12auzNbKr371xzgANSXn
607 jRuyrblAZKc10kYStrcEmJdfNlzYAwIDAQABAoICABdQBpsD0W/buFuqm2GKzgIE
608 c4Xp0XVy5EvYnmOp4sEru6/GtvUErDBqwaLIMMv8TY8AU+y8beaBPLsoVg1rn8gg
609 yAklzExfT0/49QkEDFHizUOMIP7wpbLLsWSmZ4tKRV7CT3c+ZDXiZVECML84lmDm
610 b6H7feQB2EhEZaU7L4Sc76ZCEkIZBoKeCz5JF46EdyxHs7erE61eO9xqC1+eXsNh
611 Xr9BS0yWV69K4o/gmnS3p2747AHP6brFWuRM3fFDsB5kPScccQlSyF/j7yK+r+qi
612 arGg/y+z0+sZAr6gooQ8Wnh5dJXtnBNCxSDJYw/DWHAeiyvk/gsndo3ZONlCZZ9u
613 bpwBYx3hA2wTa5GUQxFM0KlI7Ftr9Cescf2jN6Ia48C6FcQsepMzD3jaMkLir8Jk
614 /YD/s5KPzNvwPAyLnf7x574JeWuuxTIPx6b/fHVtboDK6j6XQnzrN2Hy3ngvlEFo
615 zuGYVvtrz5pJXWGVSjZWG1kc9iXCdHKpmFdPj7XhU0gugTzQ/e5uRIqdOqfNLI37
616 fppSuWkWd5uaAg0Zuhd+2L4LG2GhVdfFa1UeHBe/ncFKz1km9Bmjvt04TpxlRnVG
617 wHxJZKlxpxCZ3AuLNUMP/QazPXO8OIfGOCbwkgFiqRY32mKDUvmEADBBoYpk/wBv
618 qV99g5gvYFC5Le4QLzOJAoIBAQDcnqnK2tgkISJhsLs2Oj8vEcT7dU9vVnPSxTcC
619 M0F+8ITukn33K0biUlA+ktcQaF+eeLjfbjkn/H0f2Ajn++ldT56MgAFutZkYvwxJ
620 2A6PVB3jesauSpe8aqoKMDIj8HSA3+AwH+yU+yA9r5EdUq1S6PscP+5Wj22+thAa
621 l65CFD77C0RX0lly5zdjQo3Vyca2HYGm/cshFCPRZc66TPjNAHFthbqktKjMQ91H
622 Hg+Gun2zv8KqeSzMDeHnef4rVaWMIyIBzpu3QdkKPUXMQQxvJ+RW7+MORV9VjE7Z
623 KVnHa/6x9n+jvtQ0ydHc2n0NOp6BQghTCB2G3w3JJfmPcRSNAoIBAQDAw6mPddoz
624 UUzANMOYcFtos4EaWfTQE2okSLVAmLY2gtAK6ldTv6X9xl0IiC/DmWqiNZJ/WmVI
625 glkp6iZhxBSmqov0X9P0M+jdz7CRnbZDFhQWPxSPicurYuPKs52IC08HgIrwErzT
626 /lh+qRXEqzT8rTdftywj5fE89w52NPHBsMS07VhFsJtU4aY2Yl8y1PHeumXU6h66
627 yTvoCLLxJPiLIg9PgvbMF+RiYyomIg75gwfx4zWvIvWdXifQBC88fE7lP2u5gtWL
628 JUJaMy6LNKHn8YezvwQp0dRecvvoqzoApOuHfsPASHb9cfvcy/BxDXFMJO4QWCi1
629 6WLaR835nKLPAoIBAFw7IHSjxNRl3b/FaJ6k/yEoZpdRVaIQHF+y/uo2j10IJCqw
630 p2SbfQjErLNcI/jCCadwhKkzpUVoMs8LO73v/IF79aZ7JR4pYRWNWQ/N+VhGLDCb
631 dVAL8x9b4DZeK7gGoE34SfsUfY1S5wmiyiHeHIOazs/ikjsxvwmJh3X2j20klafR
632 8AJe9/InY2plunHz5tTfxQIQ+8iaaNbzntcXsrPRSZol2/9bX231uR4wHQGQGVj6
633 A+HMwsOT0is5Pt7S8WCCl4b13vdf2eKD9xgK4a3emYEWzG985PwYqiXzOYs7RMEV
634 cgr8ji57aPbRiJHtPbJ/7ob3z5BA07yR2aDz/0kCggEAZDyajHYNLAhHr98AIuGy
635 NsS5CpnietzNoeaJEfkXL0tgoXxwQqVyzH7827XtmHnLgGP5NO4tosHdWbVflhEf
636 Z/dhZYb7MY5YthcMyvvGziXJ9jOBHo7Z8Nowd7Rk41x2EQGfve0QcfBd1idYoXch
637 y47LL6OReW1Vv4z84Szw1fZ0o1yUPVDzxPS9uKP4uvcOevJUh53isuB3nVYArvK5
638 p6fjbEY+zaxS33KPdVrajJa9Z+Ptg4/bRqSycTHr2jkN0ZnkC4hkQMH0OfFJb6vD
639 0VfAaBCZOqHZG/AQ3FFFjRY1P7UEV5WXAn3mKU+HTVJfKug9PxSIvueIttcF3Zm8
640 8wKCAQAM43+DnGW1w34jpsTAeOXC5mhIz7J8spU6Uq5bJIheEE2AbX1z+eRVErZX
641 1WsRNPsNrQfdt/b5IKboBbSYKoGxxRMngJI1eJqyj4LxZrACccS3euAlcU1q+3oN
642 T10qfQol54KjGld/HVDhzbsZJxzLDqvPlroWgwLdOLDMXhwJYfTnqMEQkaG4Aawr
643 3P14+Zp/woLiPWw3iZFcL/bt23IOa9YI0NoLhp5MFNXfIuzx2FhVz6BUSeVfQ6Ko
644 Nx2YZ03g6Kt6B6c43LJx1a/zEPYSZcPERgWOSHlcjmwRfTs6uoN9xt1qs4zEUaKv
645 Axreud3rJ0rekUp6rI1joG717Wls
646 -----END TESTING KEY-----`))
647
648 func BenchmarkDecryptPKCS1v15(b *testing.B) {
649 b.Run("2048", func(b *testing.B) { benchmarkDecryptPKCS1v15(b, test2048Key) })
650 b.Run("3072", func(b *testing.B) { benchmarkDecryptPKCS1v15(b, test3072Key) })
651 b.Run("4096", func(b *testing.B) { benchmarkDecryptPKCS1v15(b, test4096Key) })
652 }
653
654 func benchmarkDecryptPKCS1v15(b *testing.B, k *PrivateKey) {
655 r := bufio.NewReaderSize(rand.Reader, 1<<15)
656
657 m := []byte("Hello Gophers")
658 c, err := EncryptPKCS1v15(r, &k.PublicKey, m)
659 if err != nil {
660 b.Fatal(err)
661 }
662
663 b.ResetTimer()
664 var sink byte
665 for i := 0; i < b.N; i++ {
666 p, err := DecryptPKCS1v15(r, k, c)
667 if err != nil {
668 b.Fatal(err)
669 }
670 if !bytes.Equal(p, m) {
671 b.Fatalf("unexpected output: %q", p)
672 }
673 sink ^= p[0]
674 }
675 }
676
677 func BenchmarkEncryptPKCS1v15(b *testing.B) {
678 b.Run("2048", func(b *testing.B) {
679 r := bufio.NewReaderSize(rand.Reader, 1<<15)
680 m := []byte("Hello Gophers")
681
682 var sink byte
683 for i := 0; i < b.N; i++ {
684 c, err := EncryptPKCS1v15(r, &test2048Key.PublicKey, m)
685 if err != nil {
686 b.Fatal(err)
687 }
688 sink ^= c[0]
689 }
690 })
691 }
692
693 func BenchmarkDecryptOAEP(b *testing.B) {
694 b.Run("2048", func(b *testing.B) {
695 r := bufio.NewReaderSize(rand.Reader, 1<<15)
696
697 m := []byte("Hello Gophers")
698 c, err := EncryptOAEP(sha256.New(), r, &test2048Key.PublicKey, m, nil)
699 if err != nil {
700 b.Fatal(err)
701 }
702
703 b.ResetTimer()
704 var sink byte
705 for i := 0; i < b.N; i++ {
706 p, err := DecryptOAEP(sha256.New(), r, test2048Key, c, nil)
707 if err != nil {
708 b.Fatal(err)
709 }
710 if !bytes.Equal(p, m) {
711 b.Fatalf("unexpected output: %q", p)
712 }
713 sink ^= p[0]
714 }
715 })
716 }
717
718 func BenchmarkEncryptOAEP(b *testing.B) {
719 b.Run("2048", func(b *testing.B) {
720 r := bufio.NewReaderSize(rand.Reader, 1<<15)
721 m := []byte("Hello Gophers")
722
723 var sink byte
724 for i := 0; i < b.N; i++ {
725 c, err := EncryptOAEP(sha256.New(), r, &test2048Key.PublicKey, m, nil)
726 if err != nil {
727 b.Fatal(err)
728 }
729 sink ^= c[0]
730 }
731 })
732 }
733
734 func BenchmarkSignPKCS1v15(b *testing.B) {
735 b.Run("2048", func(b *testing.B) { benchmarkSignPKCS1v15(b, test2048Key) })
736 b.Run("2048/noprecomp/OnlyD", func(b *testing.B) {
737 benchmarkSignPKCS1v15(b, test2048KeyOnlyD)
738 })
739 b.Run("2048/noprecomp/Primes", func(b *testing.B) {
740 benchmarkSignPKCS1v15(b, test2048KeyWithoutPrecomputed)
741 })
742
743
744 b.Run("2048/noprecomp/AllValues", func(b *testing.B) {
745 benchmarkSignPKCS1v15(b, test2048KeyWithPrecomputed)
746 })
747 }
748
749 func benchmarkSignPKCS1v15(b *testing.B, k *PrivateKey) {
750 hashed := sha256.Sum256([]byte("testing"))
751
752 var sink byte
753 b.ResetTimer()
754 for i := 0; i < b.N; i++ {
755 s, err := SignPKCS1v15(rand.Reader, k, crypto.SHA256, hashed[:])
756 if err != nil {
757 b.Fatal(err)
758 }
759 sink ^= s[0]
760 }
761 }
762
763 func BenchmarkVerifyPKCS1v15(b *testing.B) {
764 b.Run("2048", func(b *testing.B) {
765 hashed := sha256.Sum256([]byte("testing"))
766 s, err := SignPKCS1v15(rand.Reader, test2048Key, crypto.SHA256, hashed[:])
767 if err != nil {
768 b.Fatal(err)
769 }
770
771 b.ResetTimer()
772 for i := 0; i < b.N; i++ {
773 err := VerifyPKCS1v15(&test2048Key.PublicKey, crypto.SHA256, hashed[:], s)
774 if err != nil {
775 b.Fatal(err)
776 }
777 }
778 })
779 }
780
781 func BenchmarkSignPSS(b *testing.B) {
782 b.Run("2048", func(b *testing.B) {
783 hashed := sha256.Sum256([]byte("testing"))
784
785 var sink byte
786 b.ResetTimer()
787 for i := 0; i < b.N; i++ {
788 s, err := SignPSS(rand.Reader, test2048Key, crypto.SHA256, hashed[:], nil)
789 if err != nil {
790 b.Fatal(err)
791 }
792 sink ^= s[0]
793 }
794 })
795 }
796
797 func BenchmarkVerifyPSS(b *testing.B) {
798 b.Run("2048", func(b *testing.B) {
799 hashed := sha256.Sum256([]byte("testing"))
800 s, err := SignPSS(rand.Reader, test2048Key, crypto.SHA256, hashed[:], nil)
801 if err != nil {
802 b.Fatal(err)
803 }
804
805 b.ResetTimer()
806 for i := 0; i < b.N; i++ {
807 err := VerifyPSS(&test2048Key.PublicKey, crypto.SHA256, hashed[:], s, nil)
808 if err != nil {
809 b.Fatal(err)
810 }
811 }
812 })
813 }
814
815 func BenchmarkParsePKCS8PrivateKey(b *testing.B) {
816 b.Run("2048", func(b *testing.B) {
817 p, _ := pem.Decode([]byte(test2048KeyPEM))
818 b.ResetTimer()
819 for i := 0; i < b.N; i++ {
820 if _, err := x509.ParsePKCS8PrivateKey(p.Bytes); err != nil {
821 b.Fatal(err)
822 }
823 }
824 })
825 }
826
827 func BenchmarkGenerateKey(b *testing.B) {
828 b.Run("2048", func(b *testing.B) {
829 primes, err := os.ReadFile("testdata/keygen2048.txt")
830 if err != nil {
831 b.Fatal(err)
832 }
833 for b.Loop() {
834 r := &testPrimeReader{primes: string(primes)}
835 if _, err := GenerateKey(r, 2048); err != nil {
836 b.Fatal(err)
837 }
838 }
839 })
840 }
841
842
843
844 type testPrimeReader struct {
845 primes string
846 }
847
848 func (r *testPrimeReader) Read(p []byte) (n int, err error) {
849
850
851
852
853
854
855
856 if len(p) == 1 {
857 return 1, nil
858 }
859
860 var line string
861 for line == "" || line[0] == '#' {
862 var ok bool
863 line, r.primes, ok = strings.Cut(r.primes, "\n")
864 if !ok {
865 return 0, io.EOF
866 }
867 }
868 b, err := hex.DecodeString(line)
869 if err != nil {
870 return 0, err
871 }
872 if len(p) != len(b) {
873 return 0, fmt.Errorf("unexpected read length: %d", len(p))
874 }
875 copy(p, b)
876 return len(p), nil
877 }
878
879 type testEncryptOAEPMessage struct {
880 in []byte
881 seed []byte
882 out []byte
883 }
884
885 type testEncryptOAEPStruct struct {
886 modulus string
887 e int
888 d string
889 msgs []testEncryptOAEPMessage
890 }
891
892 func TestEncryptOAEP(t *testing.T) {
893 sha1 := sha1.New()
894 n := new(big.Int)
895 for i, test := range testEncryptOAEPData {
896 n.SetString(test.modulus, 16)
897 public := PublicKey{N: n, E: test.e}
898
899 for j, message := range test.msgs {
900 randomSource := bytes.NewReader(message.seed)
901 out, err := EncryptOAEP(sha1, randomSource, &public, message.in, nil)
902 if err != nil {
903 t.Errorf("#%d,%d error: %s", i, j, err)
904 }
905 if !bytes.Equal(out, message.out) {
906 t.Errorf("#%d,%d bad result: %x (want %x)", i, j, out, message.out)
907 }
908 }
909 }
910 }
911
912 func TestDecryptOAEP(t *testing.T) {
913 random := rand.Reader
914
915 sha1 := sha1.New()
916 n := new(big.Int)
917 d := new(big.Int)
918 for i, test := range testEncryptOAEPData {
919 n.SetString(test.modulus, 16)
920 d.SetString(test.d, 16)
921 private := new(PrivateKey)
922 private.PublicKey = PublicKey{N: n, E: test.e}
923 private.D = d
924
925 for j, message := range test.msgs {
926 out, err := DecryptOAEP(sha1, nil, private, message.out, nil)
927 if err != nil {
928 t.Errorf("#%d,%d error: %s", i, j, err)
929 } else if !bytes.Equal(out, message.in) {
930 t.Errorf("#%d,%d bad result: %#v (want %#v)", i, j, out, message.in)
931 }
932
933
934 out, err = DecryptOAEP(sha1, random, private, message.out, nil)
935 if err != nil {
936 t.Errorf("#%d,%d (blind) error: %s", i, j, err)
937 } else if !bytes.Equal(out, message.in) {
938 t.Errorf("#%d,%d (blind) bad result: %#v (want %#v)", i, j, out, message.in)
939 }
940 }
941 if testing.Short() {
942 break
943 }
944 }
945 }
946
947 func Test2DecryptOAEP(t *testing.T) {
948 random := rand.Reader
949
950 msg := []byte{0xed, 0x36, 0x90, 0x8d, 0xbe, 0xfc, 0x35, 0x40, 0x70, 0x4f, 0xf5, 0x9d, 0x6e, 0xc2, 0xeb, 0xf5, 0x27, 0xae, 0x65, 0xb0, 0x59, 0x29, 0x45, 0x25, 0x8c, 0xc1, 0x91, 0x22}
951 in := []byte{0x72, 0x26, 0x84, 0xc9, 0xcf, 0xd6, 0xa8, 0x96, 0x04, 0x3e, 0x34, 0x07, 0x2c, 0x4f, 0xe6, 0x52, 0xbe, 0x46, 0x3c, 0xcf, 0x79, 0x21, 0x09, 0x64, 0xe7, 0x33, 0x66, 0x9b, 0xf8, 0x14, 0x22, 0x43, 0xfe, 0x8e, 0x52, 0x8b, 0xe0, 0x5f, 0x98, 0xef, 0x54, 0xac, 0x6b, 0xc6, 0x26, 0xac, 0x5b, 0x1b, 0x4b, 0x7d, 0x2e, 0xd7, 0x69, 0x28, 0x5a, 0x2f, 0x4a, 0x95, 0x89, 0x6c, 0xc7, 0x53, 0x95, 0xc7, 0xd2, 0x89, 0x04, 0x6f, 0x94, 0x74, 0x9b, 0x09, 0x0d, 0xf4, 0x61, 0x2e, 0xab, 0x48, 0x57, 0x4a, 0xbf, 0x95, 0xcb, 0xff, 0x15, 0xe2, 0xa0, 0x66, 0x58, 0xf7, 0x46, 0xf8, 0xc7, 0x0b, 0xb5, 0x1e, 0xa7, 0xba, 0x36, 0xce, 0xdd, 0x36, 0x41, 0x98, 0x6e, 0x10, 0xf9, 0x3b, 0x70, 0xbb, 0xa1, 0xda, 0x00, 0x40, 0xd5, 0xa5, 0x3f, 0x87, 0x64, 0x32, 0x7c, 0xbc, 0x50, 0x52, 0x0e, 0x4f, 0x21, 0xbd}
952
953 n := new(big.Int)
954 d := new(big.Int)
955 n.SetString(testEncryptOAEPData[0].modulus, 16)
956 d.SetString(testEncryptOAEPData[0].d, 16)
957 priv := new(PrivateKey)
958 priv.PublicKey = PublicKey{N: n, E: testEncryptOAEPData[0].e}
959 priv.D = d
960 sha1 := crypto.SHA1
961 sha256 := crypto.SHA256
962
963 out, err := priv.Decrypt(random, in, &OAEPOptions{MGFHash: sha1, Hash: sha256})
964
965 if err != nil {
966 t.Errorf("error: %s", err)
967 } else if !bytes.Equal(out, msg) {
968 t.Errorf("bad result %#v (want %#v)", out, msg)
969 }
970 }
971
972 func TestEncryptDecryptOAEP(t *testing.T) {
973 sha256 := sha256.New()
974 n := new(big.Int)
975 d := new(big.Int)
976 for i, test := range testEncryptOAEPData {
977 n.SetString(test.modulus, 16)
978 d.SetString(test.d, 16)
979 priv := new(PrivateKey)
980 priv.PublicKey = PublicKey{N: n, E: test.e}
981 priv.D = d
982
983 for j, message := range test.msgs {
984 label := []byte(fmt.Sprintf("hi#%d", j))
985 enc, err := EncryptOAEP(sha256, rand.Reader, &priv.PublicKey, message.in, label)
986 if err != nil {
987 t.Errorf("#%d,%d: EncryptOAEP: %v", i, j, err)
988 continue
989 }
990 dec, err := DecryptOAEP(sha256, rand.Reader, priv, enc, label)
991 if err != nil {
992 t.Errorf("#%d,%d: DecryptOAEP: %v", i, j, err)
993 continue
994 }
995 if !bytes.Equal(dec, message.in) {
996 t.Errorf("#%d,%d: round trip %q -> %q", i, j, message.in, dec)
997 }
998
999
1000 enc, err = EncryptOAEPWithOptions(rand.Reader, &priv.PublicKey, message.in, &OAEPOptions{Hash: crypto.SHA256, MGFHash: crypto.SHA1, Label: label})
1001 if err != nil {
1002 t.Errorf("#%d,%d: EncryptOAEP with different MGFHash: %v", i, j, err)
1003 continue
1004 }
1005 dec, err = priv.Decrypt(rand.Reader, enc, &OAEPOptions{Hash: crypto.SHA256, MGFHash: crypto.SHA1, Label: label})
1006 if err != nil {
1007 t.Errorf("#%d,%d: DecryptOAEP with different MGFHash: %v", i, j, err)
1008 continue
1009 }
1010 if !bytes.Equal(dec, message.in) {
1011 t.Errorf("#%d,%d: round trip with different MGFHash %q -> %q", i, j, message.in, dec)
1012 }
1013
1014
1015 enc, err = EncryptOAEPWithOptions(rand.Reader, &priv.PublicKey, message.in, &OAEPOptions{Hash: crypto.SHA256, Label: label})
1016 if err != nil {
1017 t.Errorf("#%d,%d: EncryptOAEP with zero MGFHash: %v", i, j, err)
1018 continue
1019 }
1020 dec, err = DecryptOAEP(sha256, rand.Reader, priv, enc, label)
1021 if err != nil {
1022 t.Errorf("#%d,%d: DecryptOAEP with zero MGFHash: %v", i, j, err)
1023 continue
1024 }
1025 if !bytes.Equal(dec, message.in) {
1026 t.Errorf("#%d,%d: round trip with zero MGFHash %q -> %q", i, j, message.in, dec)
1027 }
1028 }
1029 }
1030 }
1031
1032
1033 var testEncryptOAEPData = []testEncryptOAEPStruct{
1034
1035 {"a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb",
1036 65537,
1037 "53339cfdb79fc8466a655c7316aca85c55fd8f6dd898fdaf119517ef4f52e8fd8e258df93fee180fa0e4ab29693cd83b152a553d4ac4d1812b8b9fa5af0e7f55fe7304df41570926f3311f15c4d65a732c483116ee3d3d2d0af3549ad9bf7cbfb78ad884f84d5beb04724dc7369b31def37d0cf539e9cfcdd3de653729ead5d1",
1038 []testEncryptOAEPMessage{
1039
1040 {
1041 []byte{0x66, 0x28, 0x19, 0x4e, 0x12, 0x07, 0x3d, 0xb0,
1042 0x3b, 0xa9, 0x4c, 0xda, 0x9e, 0xf9, 0x53, 0x23, 0x97,
1043 0xd5, 0x0d, 0xba, 0x79, 0xb9, 0x87, 0x00, 0x4a, 0xfe,
1044 0xfe, 0x34,
1045 },
1046 []byte{0x18, 0xb7, 0x76, 0xea, 0x21, 0x06, 0x9d, 0x69,
1047 0x77, 0x6a, 0x33, 0xe9, 0x6b, 0xad, 0x48, 0xe1, 0xdd,
1048 0xa0, 0xa5, 0xef,
1049 },
1050 []byte{0x35, 0x4f, 0xe6, 0x7b, 0x4a, 0x12, 0x6d, 0x5d,
1051 0x35, 0xfe, 0x36, 0xc7, 0x77, 0x79, 0x1a, 0x3f, 0x7b,
1052 0xa1, 0x3d, 0xef, 0x48, 0x4e, 0x2d, 0x39, 0x08, 0xaf,
1053 0xf7, 0x22, 0xfa, 0xd4, 0x68, 0xfb, 0x21, 0x69, 0x6d,
1054 0xe9, 0x5d, 0x0b, 0xe9, 0x11, 0xc2, 0xd3, 0x17, 0x4f,
1055 0x8a, 0xfc, 0xc2, 0x01, 0x03, 0x5f, 0x7b, 0x6d, 0x8e,
1056 0x69, 0x40, 0x2d, 0xe5, 0x45, 0x16, 0x18, 0xc2, 0x1a,
1057 0x53, 0x5f, 0xa9, 0xd7, 0xbf, 0xc5, 0xb8, 0xdd, 0x9f,
1058 0xc2, 0x43, 0xf8, 0xcf, 0x92, 0x7d, 0xb3, 0x13, 0x22,
1059 0xd6, 0xe8, 0x81, 0xea, 0xa9, 0x1a, 0x99, 0x61, 0x70,
1060 0xe6, 0x57, 0xa0, 0x5a, 0x26, 0x64, 0x26, 0xd9, 0x8c,
1061 0x88, 0x00, 0x3f, 0x84, 0x77, 0xc1, 0x22, 0x70, 0x94,
1062 0xa0, 0xd9, 0xfa, 0x1e, 0x8c, 0x40, 0x24, 0x30, 0x9c,
1063 0xe1, 0xec, 0xcc, 0xb5, 0x21, 0x00, 0x35, 0xd4, 0x7a,
1064 0xc7, 0x2e, 0x8a,
1065 },
1066 },
1067
1068 {
1069 []byte{0x75, 0x0c, 0x40, 0x47, 0xf5, 0x47, 0xe8, 0xe4,
1070 0x14, 0x11, 0x85, 0x65, 0x23, 0x29, 0x8a, 0xc9, 0xba,
1071 0xe2, 0x45, 0xef, 0xaf, 0x13, 0x97, 0xfb, 0xe5, 0x6f,
1072 0x9d, 0xd5,
1073 },
1074 []byte{0x0c, 0xc7, 0x42, 0xce, 0x4a, 0x9b, 0x7f, 0x32,
1075 0xf9, 0x51, 0xbc, 0xb2, 0x51, 0xef, 0xd9, 0x25, 0xfe,
1076 0x4f, 0xe3, 0x5f,
1077 },
1078 []byte{0x64, 0x0d, 0xb1, 0xac, 0xc5, 0x8e, 0x05, 0x68,
1079 0xfe, 0x54, 0x07, 0xe5, 0xf9, 0xb7, 0x01, 0xdf, 0xf8,
1080 0xc3, 0xc9, 0x1e, 0x71, 0x6c, 0x53, 0x6f, 0xc7, 0xfc,
1081 0xec, 0x6c, 0xb5, 0xb7, 0x1c, 0x11, 0x65, 0x98, 0x8d,
1082 0x4a, 0x27, 0x9e, 0x15, 0x77, 0xd7, 0x30, 0xfc, 0x7a,
1083 0x29, 0x93, 0x2e, 0x3f, 0x00, 0xc8, 0x15, 0x15, 0x23,
1084 0x6d, 0x8d, 0x8e, 0x31, 0x01, 0x7a, 0x7a, 0x09, 0xdf,
1085 0x43, 0x52, 0xd9, 0x04, 0xcd, 0xeb, 0x79, 0xaa, 0x58,
1086 0x3a, 0xdc, 0xc3, 0x1e, 0xa6, 0x98, 0xa4, 0xc0, 0x52,
1087 0x83, 0xda, 0xba, 0x90, 0x89, 0xbe, 0x54, 0x91, 0xf6,
1088 0x7c, 0x1a, 0x4e, 0xe4, 0x8d, 0xc7, 0x4b, 0xbb, 0xe6,
1089 0x64, 0x3a, 0xef, 0x84, 0x66, 0x79, 0xb4, 0xcb, 0x39,
1090 0x5a, 0x35, 0x2d, 0x5e, 0xd1, 0x15, 0x91, 0x2d, 0xf6,
1091 0x96, 0xff, 0xe0, 0x70, 0x29, 0x32, 0x94, 0x6d, 0x71,
1092 0x49, 0x2b, 0x44,
1093 },
1094 },
1095
1096 {
1097 []byte{0xd9, 0x4a, 0xe0, 0x83, 0x2e, 0x64, 0x45, 0xce,
1098 0x42, 0x33, 0x1c, 0xb0, 0x6d, 0x53, 0x1a, 0x82, 0xb1,
1099 0xdb, 0x4b, 0xaa, 0xd3, 0x0f, 0x74, 0x6d, 0xc9, 0x16,
1100 0xdf, 0x24, 0xd4, 0xe3, 0xc2, 0x45, 0x1f, 0xff, 0x59,
1101 0xa6, 0x42, 0x3e, 0xb0, 0xe1, 0xd0, 0x2d, 0x4f, 0xe6,
1102 0x46, 0xcf, 0x69, 0x9d, 0xfd, 0x81, 0x8c, 0x6e, 0x97,
1103 0xb0, 0x51,
1104 },
1105 []byte{0x25, 0x14, 0xdf, 0x46, 0x95, 0x75, 0x5a, 0x67,
1106 0xb2, 0x88, 0xea, 0xf4, 0x90, 0x5c, 0x36, 0xee, 0xc6,
1107 0x6f, 0xd2, 0xfd,
1108 },
1109 []byte{0x42, 0x37, 0x36, 0xed, 0x03, 0x5f, 0x60, 0x26,
1110 0xaf, 0x27, 0x6c, 0x35, 0xc0, 0xb3, 0x74, 0x1b, 0x36,
1111 0x5e, 0x5f, 0x76, 0xca, 0x09, 0x1b, 0x4e, 0x8c, 0x29,
1112 0xe2, 0xf0, 0xbe, 0xfe, 0xe6, 0x03, 0x59, 0x5a, 0xa8,
1113 0x32, 0x2d, 0x60, 0x2d, 0x2e, 0x62, 0x5e, 0x95, 0xeb,
1114 0x81, 0xb2, 0xf1, 0xc9, 0x72, 0x4e, 0x82, 0x2e, 0xca,
1115 0x76, 0xdb, 0x86, 0x18, 0xcf, 0x09, 0xc5, 0x34, 0x35,
1116 0x03, 0xa4, 0x36, 0x08, 0x35, 0xb5, 0x90, 0x3b, 0xc6,
1117 0x37, 0xe3, 0x87, 0x9f, 0xb0, 0x5e, 0x0e, 0xf3, 0x26,
1118 0x85, 0xd5, 0xae, 0xc5, 0x06, 0x7c, 0xd7, 0xcc, 0x96,
1119 0xfe, 0x4b, 0x26, 0x70, 0xb6, 0xea, 0xc3, 0x06, 0x6b,
1120 0x1f, 0xcf, 0x56, 0x86, 0xb6, 0x85, 0x89, 0xaa, 0xfb,
1121 0x7d, 0x62, 0x9b, 0x02, 0xd8, 0xf8, 0x62, 0x5c, 0xa3,
1122 0x83, 0x36, 0x24, 0xd4, 0x80, 0x0f, 0xb0, 0x81, 0xb1,
1123 0xcf, 0x94, 0xeb,
1124 },
1125 },
1126 },
1127 },
1128
1129 {"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb",
1130 65537,
1131 "056b04216fe5f354ac77250a4b6b0c8525a85c59b0bd80c56450a22d5f438e596a333aa875e291dd43f48cb88b9d5fc0d499f9fcd1c397f9afc070cd9e398c8d19e61db7c7410a6b2675dfbf5d345b804d201add502d5ce2dfcb091ce9997bbebe57306f383e4d588103f036f7e85d1934d152a323e4a8db451d6f4a5b1b0f102cc150e02feee2b88dea4ad4c1baccb24d84072d14e1d24a6771f7408ee30564fb86d4393a34bcf0b788501d193303f13a2284b001f0f649eaf79328d4ac5c430ab4414920a9460ed1b7bc40ec653e876d09abc509ae45b525190116a0c26101848298509c1c3bf3a483e7274054e15e97075036e989f60932807b5257751e79",
1132 []testEncryptOAEPMessage{
1133
1134 {
1135 []byte{0x8b, 0xba, 0x6b, 0xf8, 0x2a, 0x6c, 0x0f, 0x86,
1136 0xd5, 0xf1, 0x75, 0x6e, 0x97, 0x95, 0x68, 0x70, 0xb0,
1137 0x89, 0x53, 0xb0, 0x6b, 0x4e, 0xb2, 0x05, 0xbc, 0x16,
1138 0x94, 0xee,
1139 },
1140 []byte{0x47, 0xe1, 0xab, 0x71, 0x19, 0xfe, 0xe5, 0x6c,
1141 0x95, 0xee, 0x5e, 0xaa, 0xd8, 0x6f, 0x40, 0xd0, 0xaa,
1142 0x63, 0xbd, 0x33,
1143 },
1144 []byte{0x53, 0xea, 0x5d, 0xc0, 0x8c, 0xd2, 0x60, 0xfb,
1145 0x3b, 0x85, 0x85, 0x67, 0x28, 0x7f, 0xa9, 0x15, 0x52,
1146 0xc3, 0x0b, 0x2f, 0xeb, 0xfb, 0xa2, 0x13, 0xf0, 0xae,
1147 0x87, 0x70, 0x2d, 0x06, 0x8d, 0x19, 0xba, 0xb0, 0x7f,
1148 0xe5, 0x74, 0x52, 0x3d, 0xfb, 0x42, 0x13, 0x9d, 0x68,
1149 0xc3, 0xc5, 0xaf, 0xee, 0xe0, 0xbf, 0xe4, 0xcb, 0x79,
1150 0x69, 0xcb, 0xf3, 0x82, 0xb8, 0x04, 0xd6, 0xe6, 0x13,
1151 0x96, 0x14, 0x4e, 0x2d, 0x0e, 0x60, 0x74, 0x1f, 0x89,
1152 0x93, 0xc3, 0x01, 0x4b, 0x58, 0xb9, 0xb1, 0x95, 0x7a,
1153 0x8b, 0xab, 0xcd, 0x23, 0xaf, 0x85, 0x4f, 0x4c, 0x35,
1154 0x6f, 0xb1, 0x66, 0x2a, 0xa7, 0x2b, 0xfc, 0xc7, 0xe5,
1155 0x86, 0x55, 0x9d, 0xc4, 0x28, 0x0d, 0x16, 0x0c, 0x12,
1156 0x67, 0x85, 0xa7, 0x23, 0xeb, 0xee, 0xbe, 0xff, 0x71,
1157 0xf1, 0x15, 0x94, 0x44, 0x0a, 0xae, 0xf8, 0x7d, 0x10,
1158 0x79, 0x3a, 0x87, 0x74, 0xa2, 0x39, 0xd4, 0xa0, 0x4c,
1159 0x87, 0xfe, 0x14, 0x67, 0xb9, 0xda, 0xf8, 0x52, 0x08,
1160 0xec, 0x6c, 0x72, 0x55, 0x79, 0x4a, 0x96, 0xcc, 0x29,
1161 0x14, 0x2f, 0x9a, 0x8b, 0xd4, 0x18, 0xe3, 0xc1, 0xfd,
1162 0x67, 0x34, 0x4b, 0x0c, 0xd0, 0x82, 0x9d, 0xf3, 0xb2,
1163 0xbe, 0xc6, 0x02, 0x53, 0x19, 0x62, 0x93, 0xc6, 0xb3,
1164 0x4d, 0x3f, 0x75, 0xd3, 0x2f, 0x21, 0x3d, 0xd4, 0x5c,
1165 0x62, 0x73, 0xd5, 0x05, 0xad, 0xf4, 0xcc, 0xed, 0x10,
1166 0x57, 0xcb, 0x75, 0x8f, 0xc2, 0x6a, 0xee, 0xfa, 0x44,
1167 0x12, 0x55, 0xed, 0x4e, 0x64, 0xc1, 0x99, 0xee, 0x07,
1168 0x5e, 0x7f, 0x16, 0x64, 0x61, 0x82, 0xfd, 0xb4, 0x64,
1169 0x73, 0x9b, 0x68, 0xab, 0x5d, 0xaf, 0xf0, 0xe6, 0x3e,
1170 0x95, 0x52, 0x01, 0x68, 0x24, 0xf0, 0x54, 0xbf, 0x4d,
1171 0x3c, 0x8c, 0x90, 0xa9, 0x7b, 0xb6, 0xb6, 0x55, 0x32,
1172 0x84, 0xeb, 0x42, 0x9f, 0xcc,
1173 },
1174 },
1175 },
1176 },
1177 }
1178
1179 func TestPSmallerThanQ(t *testing.T) {
1180
1181 k := parseKey(testingKey(`-----BEGIN RSA TESTING KEY-----
1182 MIIBOgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
1183 KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm
1184 o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k
1185 TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7
1186 9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy
1187 v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs
1188 /5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00
1189 -----END RSA TESTING KEY-----`))
1190 t.Setenv("GODEBUG", "rsa1024min=0")
1191 if boring.Enabled {
1192 t.Skip("BoringCrypto mode returns the wrong error from SignPSS")
1193 }
1194 testEverything(t, k)
1195 }
1196
1197 func TestLargeSizeDifference(t *testing.T) {
1198
1199 k1 := parseKey(testingKey(`-----BEGIN TESTING KEY-----
1200 MIICmAIBADANBgkqhkiG9w0BAQEFAASCAoIwggJ+AgEAAoGBAOB/V7qbbMLHZSHS
1201 rU3FLNQJe88wQr5asy813wqlWsCeYUn7Imxv23vDXthpkH/54+CplWDvVri24zhU
1202 4tHfONSEBWWKTRfQKCW+vrzf+d02rB95lVBrBDSKAUR6w1Xcx9/6ib+kQRDnMl2l
1203 WZzDgv8jrNPrLGipYBOLcI9/Oh3HAgMBAAECgYBr85AiAX8JIoy0+POxA/GMfIr2
1204 lERj+IVVXFhGbED5gjUBUn8kz/gOrClZAqgxJKVbdTcxn4KGOM64z427Y24H52zQ
1205 sCq7RFJ9KDd4s1hAPQImBRUYu2blqDoqxNBQBxLHVUN7vwFp2MGsHzTz7mcx7QNG
1206 teRbyLhCanUd3UOb4QJhAP5dyjIK1WzKBZ/jSAmjJL64bks4wEEl5eG6e2cTscCH
1207 RE/OSpHi57dyrxgnBkczt56hOksJFzwmgk4wEM8n/JDOXwIzvAH4w4JWhu169gCW
1208 8LgxCzJ71xv8+wUUouUTLwIhAOHwcdEAKyLo3K7X1nlYcUOX61yQ1GXRgIROGrsh
1209 NNjpAmEAuW1nu4k4QmEXLpJB7nyWic3q4T0SsatN5HrMAL1To/U3sDHDHIxbvNiG
1210 mcXBBuDFp4cC9rY+0OOFtDfH2SveKzW1/uX11T4iT/6Bx9cORCnEe5GNBxVOH6IQ
1211 34hGo1WTAiEAyCYALW1AyUQPerOpQwWeEIrb7Lw/65KTjqDB/VOFRUECYQCPcc07
1212 D19OB593kGklAtk1XwGt1W8OmfGIKhGMKzlYhb9MezjaX/3zpO19msSUmSNKszMX
1213 RpZX4LYz9Ity0nxQ3qZYN6XYNwvr7dCV0E5eS+mgbGWRrf3utdbUkZUNwYE=
1214 -----END TESTING KEY-----`))
1215
1216
1217 k2 := parseKey(testingKey(`-----BEGIN TESTING KEY-----
1218 MIICVwIBADANBgkqhkiG9w0BAQEFAASCAkEwggI9AgEAAoGBAObSD1Q4cfUURAuY
1219 RCCTDxv3TxK/VPJH/ees4eVkJHBkgErTXJsVb7df3Pyz8J5yVU7Y68osp1uRgJu1
1220 E/v61L388oUQbpDlhpCzkpx2ZBfwx891JJBNgrRu/ZEDaWfXA4fx3iUDcA83NfY+
1221 WWBlwwjhZG2jTQAgB0kz6fIhxODRAgMBAAECgYAJcO3i1WC25C5w1Xhy5yT68TuN
1222 IiGWu+JbLa97NySE6tOHRvQk0QSTUGw8thsEoo3BAthlQtKHWLmvwPl1YNtEGE14
1223 9gMlzoveiB10tMAJqmIaPoUWgQ2Wmzz+akYgr3zEloN+2ptVRYmboOWXGOHK4LJd
1224 n5h7UvQNSqZyUvqogQIhAPOfMCgE3hvt4wA9cNUg3uQgUNnjr0ITiptNmgmoaaFB
1225 AmEA8oxdQm/Uo1B5J2ebPj/e6mCi/wv3Ewq0CNE4Q1SiLmK1EKwyYj1pNBfrT2Vs
1226 O5XsuFPC5V07iSjjfbaE8Q4zuKSmhVFe9aoAn8lwuuVBufGLFW7FD8PnhDZcqWsE
1227 ksuRAiEA7sRa5y32Hbtlmquc9VV0/nJpq1NKRmFunE1PJh4IAMECYH0Q1ZHJWkqv
1228 1xjzeoA5rPcLx2BdyhP+g+C8CRfmzw2+BgFH2V8ArXuYDdTNxmZfI0XUov1j+qv5
1229 8nvDHn+xxAekltzNnXptI49A7qjgR+jaXM47ZM+BQ6LP6S3OqfgLkQIhAKbHdb9l
1230 cHPGX1uUDRAU1xxtpVQ0OqXyEgqwz6y6hYRw
1231 -----END TESTING KEY-----`))
1232
1233 if boring.Enabled {
1234 t.Skip("BoringCrypto mode returns the wrong error from SignPSS")
1235 }
1236 testEverything(t, k1)
1237 testEverything(t, k2)
1238 }
1239
1240 func TestNotPrecomputed(t *testing.T) {
1241 t.Run("OnlyD", func(t *testing.T) {
1242 testEverything(t, test2048KeyOnlyD)
1243 k := *test2048KeyOnlyD
1244 k.Precompute()
1245 testEverything(t, &k)
1246 })
1247 t.Run("Primes", func(t *testing.T) {
1248 testEverything(t, test2048KeyWithoutPrecomputed)
1249 k := *test2048KeyWithoutPrecomputed
1250 k.Precompute()
1251 if k.Precomputed.Dp == nil || k.Precomputed.Dq == nil || k.Precomputed.Qinv == nil {
1252 t.Error("Precomputed values should not be nil after Precompute()")
1253 }
1254 testEverything(t, &k)
1255 })
1256 t.Run("AllValues", func(t *testing.T) {
1257 testEverything(t, test2048KeyWithPrecomputed)
1258 k := *test2048KeyWithoutPrecomputed
1259 k.Precompute()
1260 if k.Precomputed.Dp == nil || k.Precomputed.Dq == nil || k.Precomputed.Qinv == nil {
1261 t.Error("Precomputed values should not be nil after Precompute()")
1262 }
1263 testEverything(t, &k)
1264 })
1265 }
1266
1267 func TestModifiedPrivateKey(t *testing.T) {
1268 if test512Key.Validate() != nil {
1269 t.Fatal("test512Key should be valid")
1270 }
1271
1272 t.Run("PublicKey mismatch", func(t *testing.T) {
1273 testModifiedPrivateKey(t, func(k *PrivateKey) {
1274 k.PublicKey = test512KeyTwo.PublicKey
1275 })
1276 })
1277 t.Run("Precomputed mismatch", func(t *testing.T) {
1278 testModifiedPrivateKey(t, func(k *PrivateKey) {
1279 k.Precomputed = test512KeyTwo.Precomputed
1280 })
1281 })
1282
1283 t.Run("D+2", func(t *testing.T) {
1284 if fips140.Version() == "v1.0.0" {
1285 t.Skip("This was fixed after v1.0.0")
1286 }
1287 testModifiedPrivateKey(t, func(k *PrivateKey) {
1288 k.D = new(big.Int).Add(k.D, big.NewInt(2))
1289 })
1290 })
1291 t.Run("D=0", func(t *testing.T) {
1292 testModifiedPrivateKey(t, func(k *PrivateKey) {
1293 k.D = new(big.Int)
1294 })
1295 })
1296 t.Run("D is nil", func(t *testing.T) {
1297 testModifiedPrivateKey(t, func(k *PrivateKey) {
1298 k.D = nil
1299 })
1300 })
1301
1302 t.Run("N+2", func(t *testing.T) {
1303 testModifiedPrivateKey(t, func(k *PrivateKey) {
1304 k.N = new(big.Int).Add(k.N, big.NewInt(2))
1305 })
1306 })
1307 t.Run("N=0", func(t *testing.T) {
1308 testModifiedPrivateKey(t, func(k *PrivateKey) {
1309 k.N = new(big.Int)
1310 })
1311 })
1312 t.Run("N is nil", func(t *testing.T) {
1313 testModifiedPrivateKey(t, func(k *PrivateKey) {
1314 k.N = nil
1315 })
1316 })
1317
1318 t.Run("P+2", func(t *testing.T) {
1319 testModifiedPrivateKey(t, func(k *PrivateKey) {
1320 k.Primes[0] = new(big.Int).Add(k.Primes[0], big.NewInt(2))
1321 })
1322 })
1323 t.Run("P=0", func(t *testing.T) {
1324 testModifiedPrivateKey(t, func(k *PrivateKey) {
1325 k.Primes[0] = new(big.Int)
1326 })
1327 })
1328 t.Run("P is nil", func(t *testing.T) {
1329 testModifiedPrivateKey(t, func(k *PrivateKey) {
1330 k.Primes[0] = nil
1331 })
1332 })
1333
1334 t.Run("Q+2", func(t *testing.T) {
1335 testModifiedPrivateKey(t, func(k *PrivateKey) {
1336 k.Primes[1] = new(big.Int).Add(k.Primes[1], big.NewInt(2))
1337 })
1338 })
1339 t.Run("Q=0", func(t *testing.T) {
1340 testModifiedPrivateKey(t, func(k *PrivateKey) {
1341 k.Primes[1] = new(big.Int)
1342 })
1343 })
1344 t.Run("Q is nil", func(t *testing.T) {
1345 testModifiedPrivateKey(t, func(k *PrivateKey) {
1346 k.Primes[1] = nil
1347 })
1348 })
1349
1350 t.Run("E+2", func(t *testing.T) {
1351 testModifiedPrivateKey(t, func(k *PrivateKey) {
1352 k.E += 2
1353 })
1354 })
1355 t.Run("E=0", func(t *testing.T) {
1356 testModifiedPrivateKey(t, func(k *PrivateKey) {
1357 k.E = 0
1358 })
1359 })
1360 }
1361
1362 func testModifiedPrivateKey(t *testing.T, f func(*PrivateKey)) {
1363 k := new(PrivateKey)
1364 *k = *test512Key
1365 k.Primes = slices.Clone(k.Primes)
1366 f(k)
1367 if err := k.Validate(); err == nil {
1368 t.Error("Validate should have failed")
1369 }
1370 k.Precompute()
1371 if err := k.Validate(); err == nil {
1372 t.Error("Validate should have failed after Precompute()")
1373 }
1374 }
1375
View as plain text