Source file
src/crypto/tls/boring_test.go
1
2
3
4
5
6
7 package tls
8
9 import (
10 "crypto/ecdsa"
11 "crypto/elliptic"
12 "crypto/internal/boring/fipstls"
13 "crypto/rand"
14 "crypto/rsa"
15 "crypto/x509"
16 "crypto/x509/pkix"
17 "encoding/pem"
18 "fmt"
19 "internal/obscuretestdata"
20 "math/big"
21 "net"
22 "runtime"
23 "strings"
24 "testing"
25 "time"
26 )
27
28 func allCipherSuitesIncludingTLS13() []uint16 {
29 s := allCipherSuites()
30 for _, suite := range cipherSuitesTLS13 {
31 s = append(s, suite.id)
32 }
33 return s
34 }
35
36 func isTLS13CipherSuite(id uint16) bool {
37 for _, suite := range cipherSuitesTLS13 {
38 if id == suite.id {
39 return true
40 }
41 }
42 return false
43 }
44
45 func generateKeyShare(group CurveID) keyShare {
46 key, err := generateECDHEKey(rand.Reader, group)
47 if err != nil {
48 panic(err)
49 }
50 return keyShare{group: group, data: key.PublicKey().Bytes()}
51 }
52
53 func TestBoringServerProtocolVersion(t *testing.T) {
54 test := func(t *testing.T, name string, v uint16, msg string) {
55 t.Run(name, func(t *testing.T) {
56 serverConfig := testConfig.Clone()
57 serverConfig.MinVersion = VersionSSL30
58 clientConfig := testConfig.Clone()
59 clientConfig.MinVersion = v
60 clientConfig.MaxVersion = v
61 _, _, err := testHandshake(t, clientConfig, serverConfig)
62 if msg == "" {
63 if err != nil {
64 t.Fatalf("got error: %v, expected success", err)
65 }
66 } else {
67 if err == nil {
68 t.Fatalf("got success, expected error")
69 }
70 if !strings.Contains(err.Error(), msg) {
71 t.Fatalf("got error %v, expected %q", err, msg)
72 }
73 }
74 })
75 }
76
77 test(t, "VersionTLS10", VersionTLS10, "")
78 test(t, "VersionTLS11", VersionTLS11, "")
79 test(t, "VersionTLS12", VersionTLS12, "")
80 test(t, "VersionTLS13", VersionTLS13, "")
81
82 t.Run("fipstls", func(t *testing.T) {
83 fipstls.Force()
84 defer fipstls.Abandon()
85 test(t, "VersionTLS10", VersionTLS10, "supported versions")
86 test(t, "VersionTLS11", VersionTLS11, "supported versions")
87 test(t, "VersionTLS12", VersionTLS12, "")
88 test(t, "VersionTLS13", VersionTLS13, "")
89 })
90 }
91
92 func isBoringVersion(v uint16) bool {
93 return v == VersionTLS12 || v == VersionTLS13
94 }
95
96 func isBoringCipherSuite(id uint16) bool {
97 switch id {
98 case TLS_AES_128_GCM_SHA256,
99 TLS_AES_256_GCM_SHA384,
100 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
101 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
102 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
103 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
104 return true
105 }
106 return false
107 }
108
109 func isBoringCurve(id CurveID) bool {
110 switch id {
111 case CurveP256, CurveP384:
112 return true
113 }
114 return false
115 }
116
117 func isECDSA(id uint16) bool {
118 for _, suite := range cipherSuites {
119 if suite.id == id {
120 return suite.flags&suiteECSign == suiteECSign
121 }
122 }
123 return false
124 }
125
126 func isBoringSignatureScheme(alg SignatureScheme) bool {
127 switch alg {
128 default:
129 return false
130 case PKCS1WithSHA256,
131 ECDSAWithP256AndSHA256,
132 PKCS1WithSHA384,
133 ECDSAWithP384AndSHA384,
134 PKCS1WithSHA512,
135 PSSWithSHA256,
136 PSSWithSHA384,
137 PSSWithSHA512:
138
139 }
140 return true
141 }
142
143 func TestBoringServerCipherSuites(t *testing.T) {
144 serverConfig := testConfig.Clone()
145 serverConfig.Certificates = make([]Certificate, 1)
146
147 for _, id := range allCipherSuitesIncludingTLS13() {
148 if isECDSA(id) {
149 serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate}
150 serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey
151 } else {
152 serverConfig.Certificates[0].Certificate = [][]byte{testRSACertificate}
153 serverConfig.Certificates[0].PrivateKey = testRSAPrivateKey
154 }
155 serverConfig.BuildNameToCertificate()
156 t.Run(fmt.Sprintf("suite=%s", CipherSuiteName(id)), func(t *testing.T) {
157 clientHello := &clientHelloMsg{
158 vers: VersionTLS12,
159 random: make([]byte, 32),
160 cipherSuites: []uint16{id},
161 compressionMethods: []uint8{compressionNone},
162 supportedCurves: defaultCurvePreferences(),
163 keyShares: []keyShare{generateKeyShare(CurveP256)},
164 supportedPoints: []uint8{pointFormatUncompressed},
165 supportedVersions: []uint16{VersionTLS12},
166 supportedSignatureAlgorithms: defaultSupportedSignatureAlgorithmsFIPS,
167 }
168 if isTLS13CipherSuite(id) {
169 clientHello.supportedVersions = []uint16{VersionTLS13}
170 }
171
172 testClientHello(t, serverConfig, clientHello)
173 t.Run("fipstls", func(t *testing.T) {
174 fipstls.Force()
175 defer fipstls.Abandon()
176 msg := ""
177 if !isBoringCipherSuite(id) {
178 msg = "no cipher suite supported by both client and server"
179 }
180 testClientHelloFailure(t, serverConfig, clientHello, msg)
181 })
182 })
183 }
184 }
185
186 func TestBoringServerCurves(t *testing.T) {
187 serverConfig := testConfig.Clone()
188 serverConfig.BuildNameToCertificate()
189
190 for _, curveid := range defaultCurvePreferences() {
191 t.Run(fmt.Sprintf("curve=%d", curveid), func(t *testing.T) {
192 clientConfig := testConfig.Clone()
193 clientConfig.CurvePreferences = []CurveID{curveid}
194 if curveid == x25519Kyber768Draft00 {
195
196 clientConfig.CurvePreferences = append(clientConfig.CurvePreferences, X25519)
197 }
198 if _, _, err := testHandshake(t, clientConfig, serverConfig); err != nil {
199 t.Fatalf("got error: %v, expected success", err)
200 }
201
202
203 t.Run("fipstls", func(t *testing.T) {
204 fipstls.Force()
205 defer fipstls.Abandon()
206 _, _, err := testHandshake(t, clientConfig, serverConfig)
207 if err != nil && isBoringCurve(curveid) {
208 t.Fatalf("got error: %v, expected success", err)
209 } else if err == nil && !isBoringCurve(curveid) {
210 t.Fatalf("got success, expected error")
211 }
212 })
213 })
214 }
215 }
216
217 func boringHandshake(t *testing.T, clientConfig, serverConfig *Config) (clientErr, serverErr error) {
218 c, s := localPipe(t)
219 client := Client(c, clientConfig)
220 server := Server(s, serverConfig)
221 done := make(chan error, 1)
222 go func() {
223 done <- client.Handshake()
224 c.Close()
225 }()
226 serverErr = server.Handshake()
227 s.Close()
228 clientErr = <-done
229 return
230 }
231
232 func TestBoringServerSignatureAndHash(t *testing.T) {
233 defer func() {
234 testingOnlyForceClientHelloSignatureAlgorithms = nil
235 }()
236
237 for _, sigHash := range defaultSupportedSignatureAlgorithms {
238 t.Run(fmt.Sprintf("%v", sigHash), func(t *testing.T) {
239 serverConfig := testConfig.Clone()
240 serverConfig.Certificates = make([]Certificate, 1)
241
242 testingOnlyForceClientHelloSignatureAlgorithms = []SignatureScheme{sigHash}
243
244 sigType, _, _ := typeAndHashFromSignatureScheme(sigHash)
245 switch sigType {
246 case signaturePKCS1v15, signatureRSAPSS:
247 serverConfig.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}
248 serverConfig.Certificates[0].Certificate = [][]byte{testRSA2048Certificate}
249 serverConfig.Certificates[0].PrivateKey = testRSA2048PrivateKey
250 case signatureEd25519:
251 serverConfig.CipherSuites = []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}
252 serverConfig.Certificates[0].Certificate = [][]byte{testEd25519Certificate}
253 serverConfig.Certificates[0].PrivateKey = testEd25519PrivateKey
254 case signatureECDSA:
255 serverConfig.CipherSuites = []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}
256 serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate}
257 serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey
258 }
259 serverConfig.BuildNameToCertificate()
260
261
262 serverConfig.MaxVersion = VersionTLS12
263
264 clientErr, serverErr := boringHandshake(t, testConfig, serverConfig)
265 if clientErr != nil {
266 t.Fatalf("expected handshake with %#x to succeed; client error: %v; server error: %v", sigHash, clientErr, serverErr)
267 }
268
269
270 t.Run("fipstls", func(t *testing.T) {
271 fipstls.Force()
272 defer fipstls.Abandon()
273 clientErr, _ := boringHandshake(t, testConfig, serverConfig)
274 if isBoringSignatureScheme(sigHash) {
275 if clientErr != nil {
276 t.Fatalf("expected handshake with %#x to succeed; err=%v", sigHash, clientErr)
277 }
278 } else {
279 if clientErr == nil {
280 t.Fatalf("expected handshake with %#x to fail, but it succeeded", sigHash)
281 }
282 }
283 })
284 })
285 }
286 }
287
288 func TestBoringClientHello(t *testing.T) {
289
290
291 fipstls.Force()
292 defer fipstls.Abandon()
293
294 c, s := net.Pipe()
295 defer c.Close()
296 defer s.Close()
297
298 clientConfig := testConfig.Clone()
299
300 clientConfig.MinVersion = VersionSSL30
301 clientConfig.MaxVersion = VersionTLS13
302 clientConfig.CipherSuites = allCipherSuites()
303 clientConfig.CurvePreferences = defaultCurvePreferences()
304
305 go Client(c, clientConfig).Handshake()
306 srv := Server(s, testConfig)
307 msg, err := srv.readHandshake(nil)
308 if err != nil {
309 t.Fatal(err)
310 }
311 hello, ok := msg.(*clientHelloMsg)
312 if !ok {
313 t.Fatalf("unexpected message type %T", msg)
314 }
315
316 if !isBoringVersion(hello.vers) {
317 t.Errorf("client vers=%#x", hello.vers)
318 }
319 for _, v := range hello.supportedVersions {
320 if !isBoringVersion(v) {
321 t.Errorf("client offered disallowed version %#x", v)
322 }
323 }
324 for _, id := range hello.cipherSuites {
325 if !isBoringCipherSuite(id) {
326 t.Errorf("client offered disallowed suite %#x", id)
327 }
328 }
329 for _, id := range hello.supportedCurves {
330 if !isBoringCurve(id) {
331 t.Errorf("client offered disallowed curve %d", id)
332 }
333 }
334 for _, sigHash := range hello.supportedSignatureAlgorithms {
335 if !isBoringSignatureScheme(sigHash) {
336 t.Errorf("client offered disallowed signature-and-hash %v", sigHash)
337 }
338 }
339 }
340
341 func TestBoringCertAlgs(t *testing.T) {
342
343 if runtime.GOOS == "nacl" || runtime.GOARCH == "arm" || runtime.GOOS == "js" {
344 t.Skipf("skipping on %s/%s because key generation takes too long", runtime.GOOS, runtime.GOARCH)
345 }
346
347
348
349 R1 := boringCert(t, "R1", boringRSAKey(t, 2048), nil, boringCertCA|boringCertFIPSOK)
350 R2 := boringCert(t, "R2", boringRSAKey(t, 512), nil, boringCertCA)
351
352 M1_R1 := boringCert(t, "M1_R1", boringECDSAKey(t, elliptic.P256()), R1, boringCertCA|boringCertFIPSOK)
353 M2_R1 := boringCert(t, "M2_R1", boringECDSAKey(t, elliptic.P224()), R1, boringCertCA)
354
355 I_R1 := boringCert(t, "I_R1", boringRSAKey(t, 3072), R1, boringCertCA|boringCertFIPSOK)
356 I_R2 := boringCert(t, "I_R2", I_R1.key, R2, boringCertCA|boringCertFIPSOK)
357 I_M1 := boringCert(t, "I_M1", I_R1.key, M1_R1, boringCertCA|boringCertFIPSOK)
358 I_M2 := boringCert(t, "I_M2", I_R1.key, M2_R1, boringCertCA|boringCertFIPSOK)
359
360 L1_I := boringCert(t, "L1_I", boringECDSAKey(t, elliptic.P384()), I_R1, boringCertLeaf|boringCertFIPSOK)
361 L2_I := boringCert(t, "L2_I", boringRSAKey(t, 1024), I_R1, boringCertLeaf)
362
363
364 testServerCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) {
365 clientConfig := testConfig.Clone()
366 clientConfig.RootCAs = pool
367 clientConfig.InsecureSkipVerify = false
368 clientConfig.ServerName = "example.com"
369
370 serverConfig := testConfig.Clone()
371 serverConfig.Certificates = []Certificate{{Certificate: list, PrivateKey: key}}
372 serverConfig.BuildNameToCertificate()
373
374 clientErr, _ := boringHandshake(t, clientConfig, serverConfig)
375
376 if (clientErr == nil) == ok {
377 if ok {
378 t.Logf("%s: accept", desc)
379 } else {
380 t.Logf("%s: reject", desc)
381 }
382 } else {
383 if ok {
384 t.Errorf("%s: BAD reject (%v)", desc, clientErr)
385 } else {
386 t.Errorf("%s: BAD accept", desc)
387 }
388 }
389 }
390
391
392 testClientCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) {
393 clientConfig := testConfig.Clone()
394 clientConfig.ServerName = "example.com"
395 clientConfig.Certificates = []Certificate{{Certificate: list, PrivateKey: key}}
396
397 serverConfig := testConfig.Clone()
398 serverConfig.ClientCAs = pool
399 serverConfig.ClientAuth = RequireAndVerifyClientCert
400
401 _, serverErr := boringHandshake(t, clientConfig, serverConfig)
402
403 if (serverErr == nil) == ok {
404 if ok {
405 t.Logf("%s: accept", desc)
406 } else {
407 t.Logf("%s: reject", desc)
408 }
409 } else {
410 if ok {
411 t.Errorf("%s: BAD reject (%v)", desc, serverErr)
412 } else {
413 t.Errorf("%s: BAD accept", desc)
414 }
415 }
416 }
417
418
419
420 r1pool := x509.NewCertPool()
421 r1pool.AddCert(R1.cert)
422 testServerCert(t, "basic", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, true)
423 testClientCert(t, "basic (client cert)", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, true)
424 fipstls.Force()
425 testServerCert(t, "basic (fips)", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, false)
426 testClientCert(t, "basic (fips, client cert)", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, false)
427 fipstls.Abandon()
428
429 if t.Failed() {
430 t.Fatal("basic test failed, skipping exhaustive test")
431 }
432
433 if testing.Short() {
434 t.Logf("basic test passed; skipping exhaustive test in -short mode")
435 return
436 }
437
438 for l := 1; l <= 2; l++ {
439 leaf := L1_I
440 if l == 2 {
441 leaf = L2_I
442 }
443 for i := 0; i < 64; i++ {
444 reachable := map[string]bool{leaf.parentOrg: true}
445 reachableFIPS := map[string]bool{leaf.parentOrg: leaf.fipsOK}
446 list := [][]byte{leaf.der}
447 listName := leaf.name
448 addList := func(cond int, c *boringCertificate) {
449 if cond != 0 {
450 list = append(list, c.der)
451 listName += "," + c.name
452 if reachable[c.org] {
453 reachable[c.parentOrg] = true
454 }
455 if reachableFIPS[c.org] && c.fipsOK {
456 reachableFIPS[c.parentOrg] = true
457 }
458 }
459 }
460 addList(i&1, I_R1)
461 addList(i&2, I_R2)
462 addList(i&4, I_M1)
463 addList(i&8, I_M2)
464 addList(i&16, M1_R1)
465 addList(i&32, M2_R1)
466
467 for r := 1; r <= 3; r++ {
468 pool := x509.NewCertPool()
469 rootName := ","
470 shouldVerify := false
471 shouldVerifyFIPS := false
472 addRoot := func(cond int, c *boringCertificate) {
473 if cond != 0 {
474 rootName += "," + c.name
475 pool.AddCert(c.cert)
476 if reachable[c.org] {
477 shouldVerify = true
478 }
479 if reachableFIPS[c.org] && c.fipsOK {
480 shouldVerifyFIPS = true
481 }
482 }
483 }
484 addRoot(r&1, R1)
485 addRoot(r&2, R2)
486 rootName = rootName[1:]
487 testServerCert(t, listName+"->"+rootName[1:], pool, leaf.key, list, shouldVerify)
488 testClientCert(t, listName+"->"+rootName[1:]+"(client cert)", pool, leaf.key, list, shouldVerify)
489 fipstls.Force()
490 testServerCert(t, listName+"->"+rootName[1:]+" (fips)", pool, leaf.key, list, shouldVerifyFIPS)
491 testClientCert(t, listName+"->"+rootName[1:]+" (fips, client cert)", pool, leaf.key, list, shouldVerifyFIPS)
492 fipstls.Abandon()
493 }
494 }
495 }
496 }
497
498 const (
499 boringCertCA = iota
500 boringCertLeaf
501 boringCertFIPSOK = 0x80
502 )
503
504 func boringRSAKey(t *testing.T, size int) *rsa.PrivateKey {
505 k, err := rsa.GenerateKey(rand.Reader, size)
506 if err != nil {
507 t.Fatal(err)
508 }
509 return k
510 }
511
512 func boringECDSAKey(t *testing.T, curve elliptic.Curve) *ecdsa.PrivateKey {
513 k, err := ecdsa.GenerateKey(curve, rand.Reader)
514 if err != nil {
515 t.Fatal(err)
516 }
517 return k
518 }
519
520 type boringCertificate struct {
521 name string
522 org string
523 parentOrg string
524 der []byte
525 cert *x509.Certificate
526 key interface{}
527 fipsOK bool
528 }
529
530 func boringCert(t *testing.T, name string, key interface{}, parent *boringCertificate, mode int) *boringCertificate {
531 org := name
532 parentOrg := ""
533 if i := strings.Index(org, "_"); i >= 0 {
534 org = org[:i]
535 parentOrg = name[i+1:]
536 }
537 tmpl := &x509.Certificate{
538 SerialNumber: big.NewInt(1),
539 Subject: pkix.Name{
540 Organization: []string{org},
541 },
542 NotBefore: time.Unix(0, 0),
543 NotAfter: time.Unix(0, 0),
544
545 KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
546 ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
547 BasicConstraintsValid: true,
548 }
549 if mode&^boringCertFIPSOK == boringCertLeaf {
550 tmpl.DNSNames = []string{"example.com"}
551 } else {
552 tmpl.IsCA = true
553 tmpl.KeyUsage |= x509.KeyUsageCertSign
554 }
555
556 var pcert *x509.Certificate
557 var pkey interface{}
558 if parent != nil {
559 pcert = parent.cert
560 pkey = parent.key
561 } else {
562 pcert = tmpl
563 pkey = key
564 }
565
566 var pub interface{}
567 switch k := key.(type) {
568 case *rsa.PrivateKey:
569 pub = &k.PublicKey
570 case *ecdsa.PrivateKey:
571 pub = &k.PublicKey
572 default:
573 t.Fatalf("invalid key %T", key)
574 }
575
576 der, err := x509.CreateCertificate(rand.Reader, tmpl, pcert, pub, pkey)
577 if err != nil {
578 t.Fatal(err)
579 }
580 cert, err := x509.ParseCertificate(der)
581 if err != nil {
582 t.Fatal(err)
583 }
584
585 fipsOK := mode&boringCertFIPSOK != 0
586 return &boringCertificate{name, org, parentOrg, der, cert, key, fipsOK}
587 }
588
589
590
591 var (
592 testRSA2048Certificate []byte
593 testRSA2048PrivateKey *rsa.PrivateKey
594 )
595
596 func init() {
597 block, _ := pem.Decode(obscuretestdata.Rot13([]byte(`
598 -----ORTVA PREGVSVPNGR-----
599 ZVVP/mPPNrrtNjVONtVENYUUK/xu4+4mZH9QnemORpDjQDLWXbMVuipANDRYODNj
600 RwRDZN4TN1HRPuZUDJAgMFOQomNrSj0kZGNkZQRkAGN0ZQInSj0lZQRlZwxkAGN0
601 ZQInZOVkRQNBOtAIONbGO0SwoJHtD28jttRvZN0TPFdTFVo3QDRONDHNN4VOQjNj
602 ttRXNbVONDPs8sx0A6vrPOK4VBIVsXvgg4xTpBDYrvzPsfwddUplfZVITRgSFZ6R
603 4Nl141s/7VdqJ0HgVdAo4CKuEBVQ7lQkE284kY6KoPhi/g5uC3HpruLp3uzYvlIq
604 ZxMDvMJgsHHWs/1dBgZ+buAt59YEJc4q+6vK0yn1WY3RjPVpxxAwW9uDoS7Co2PF
605 +RF9Lb55XNnc8XBoycpE8ZOFA38odajwsDqPKiBRBwnz2UHkXmRSK5ZN+sN0zr4P
606 vbPpPEYJXy+TbA9S8sNOsbM+G+2rny4QYhB95eKE8FeBVIOu3KSBe/EIuwgKpAIS
607 MXpiQg6q68I6wNXNLXz5ayw9TCcq4i+eNtZONNTwHQOBZN4TN1HqQjRO/jDRNjVS
608 bQNGOtAIUFHRQQNXOtteOtRSODpQNGNZOtAIUEZONs8RNwNNZOxTN1HqRDDFZOPP
609 QzI4LJ1joTHhM29fLJ5aZN0TPFdTFVo3QDROPjHNN4VONDPBbLfIpSPOuobdr3JU
610 qP6I7KKKRPzawu01e8u80li0AE379aFQ3pj2Z+UXinKlfJdey5uwTIXj0igjQ81e
611 I4WmQh7VsVbt5z8+DAP+7YdQMfm88iQXBefblFIBzHPtzPXSKrj+YN+rB/vDRWGe
612 7rafqqBrKWRc27Rq5iJ+xzJJ3Dztyp2Tjl8jSeZQVdaeaBmON4bPaQRtgKWg0mbt
613 aEjosRZNJv1nDEl5qG9XN3FC9zb5FrGSFmTTUvR4f4tUHr7wifNSS2dtgQ6+jU6f
614 m9o6fukaP7t5VyOXuV7FIO/Hdg2lqW+xU1LowZpVd6ANZ5rAZXtMhWe3+mjfFtju
615 TAnR
616 -----RAQ PREGVSVPNGR-----`)))
617 testRSA2048Certificate = block.Bytes
618
619 block, _ = pem.Decode(obscuretestdata.Rot13([]byte(`
620 -----ORTVA EFN CEVINGR XRL-----
621 ZVVRcNVONNXPNDRNa/U5AQrbattI+PQyFUlbeorWOaQxP3bcta7V6du3ZeQPSEuY
622 EHwBuBNZgrAK/+lXaIgSYFXwJ+Q14HGvN+8t8HqiBZF+y2jee/7rLG91UUbJUA4M
623 v4fyKGWTHVzIeK1SPK/9nweGCdVGLBsF0IdrUshby9WJgFF9kZNvUWWQLlsLHTkr
624 m29txiuRiJXBrFtTdsPwz5nKRsQNHwq/T6c8V30UDy7muQb2cgu1ZFfkOI+GNCaj
625 AWahNbdNaNxF1vcsudQsEsUjNK6Tsx/gazcrNl7wirn10sRdmvSDLq1kGd/0ILL7
626 I3QIEJFaYj7rariSrbjPtTPchM5L/Ew6KrY/djVQNDNONbVONDPAcZMvsq/it42u
627 UqPiYhMnLF0E7FhaSycbKRfygTqYSfac0VsbWM/htSDOFNVVsYjZhzH6bKN1m7Hi
628 98nVLI61QrCeGPQIQSOfUoAzC8WNb8JgohfRojq5mlbO7YLT2+pyxWxyJR73XdHd
629 ezV+HWrlFpy2Tva7MGkOKm1JCOx9IjpajxrnKctNFVOJ23suRPZ9taLRRjnOrm5G
630 6Zr8q1gUgLDi7ifXr7eb9j9/UXeEKrwdLXX1YkxusSevlI+z8YMWMa2aKBn6T3tS
631 Ao8Dx1Hx5CHORAOzlZSWuG4Z/hhFd4LgZeeB2tv8D+sCuhTmp5FfuLXEOc0J4C5e
632 zgIPgRSENbTONZRAOVSYeI2+UfTw0kLSnfXbi/DCr6UFGE1Uu2VMBAc+bX4bfmJR
633 wOG4IpaVGzcy6gP1Jl4TpekwAtXVSMNw+1k1YHHYqbeKxhT8le0gNuT9mAlsJfFl
634 CeFbiP0HIome8Wkkyn+xDIkRDDdJDkCyRIhY8xKnVQN6Ylg1Uchn2YiCNbTONADM
635 p6Yd2G7+OkYkAqv2z8xMmrw5xtmOc/KqIfoSJEyroVK2XeSUfeUmG9CHx3QR1iMX
636 Z6cmGg94aDuJFxQtPnj1FbuRyW3USVSjphfS1FWNp3cDrcq8ht6VLqycQZYgOw/C
637 /5C6OIHgtb05R4+V/G3vLngztyDkGgyM0ExFI2yyNbTONYBKxXSK7nuCis0JxfQu
638 hGshSBGCbbjtDT0RctJ0jEqPkrt/WYvp3yFQ0tfggDI2JfErpelJpknryEt10EzB
639 38OobtzunS4kitfFihwBsvMGR8bX1G43Z+6AXfVyZY3LVYocH/9nWkCJl0f2QdQe
640 pDWuMeyx+cmwON7Oas/HEqjkNbTNXE/PAj14Q+zeY3LYoovPKvlqdkIjki5cqMqm
641 8guv3GApfJP4vTHEqpIdosHvaICqWvKr/Xnp3JTPrEWnSItoXNBkYgv1EO5ZxVut
642 Q8rlhcOdx4J1Y1txekdfqw4GSykxjZljwy2R2F4LlD8COg6I04QbIEMfVXmdm+CS
643 HvbaCd0PtLOPLKidvbWuCrjxBd/L5jeQOrMJ1SDX5DQ9J5Z8/5mkq4eqiWgwuoWc
644 bBegiZqey6hcl9Um4OWQ3SKjISvCSR7wdrAdv0S21ivYkOCZZQ3HBQS6YY5RlYvE
645 9I4kIZF8XKkit7ekfhdmZCfpIvnJHY6JAIOufQ2+92qUkFKmm5RWXD==
646 -----RAQ EFN CEVINGR XRL-----`)))
647 var err error
648 testRSA2048PrivateKey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
649 if err != nil {
650 panic(err)
651 }
652 }
653
View as plain text