Source file
src/crypto/tls/boring_test.go
1
2
3
4
5
6
7 package tls
8
9 import (
10 "crypto/ecdsa"
11 "crypto/elliptic"
12 "crypto/internal/boring/fipstls"
13 "crypto/rand"
14 "crypto/rsa"
15 "crypto/x509"
16 "crypto/x509/pkix"
17 "encoding/pem"
18 "fmt"
19 "internal/obscuretestdata"
20 "math/big"
21 "net"
22 "runtime"
23 "strings"
24 "testing"
25 "time"
26 )
27
28 func TestBoringServerProtocolVersion(t *testing.T) {
29 test := func(name string, v uint16, msg string) {
30 t.Run(name, func(t *testing.T) {
31 serverConfig := testConfig.Clone()
32 serverConfig.MinVersion = VersionSSL30
33 clientHello := &clientHelloMsg{
34 vers: v,
35 random: make([]byte, 32),
36 cipherSuites: allCipherSuites(),
37 compressionMethods: []uint8{compressionNone},
38 supportedVersions: []uint16{v},
39 }
40 testClientHelloFailure(t, serverConfig, clientHello, msg)
41 })
42 }
43
44 test("VersionTLS10", VersionTLS10, "")
45 test("VersionTLS11", VersionTLS11, "")
46 test("VersionTLS12", VersionTLS12, "")
47 test("VersionTLS13", VersionTLS13, "")
48
49 fipstls.Force()
50 defer fipstls.Abandon()
51 test("VersionSSL30", VersionSSL30, "client offered only unsupported versions")
52 test("VersionTLS10", VersionTLS10, "client offered only unsupported versions")
53 test("VersionTLS11", VersionTLS11, "client offered only unsupported versions")
54 test("VersionTLS12", VersionTLS12, "")
55 test("VersionTLS13", VersionTLS13, "client offered only unsupported versions")
56 }
57
58 func isBoringVersion(v uint16) bool {
59 return v == VersionTLS12
60 }
61
62 func isBoringCipherSuite(id uint16) bool {
63 switch id {
64 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
65 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
66 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
67 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
68 TLS_RSA_WITH_AES_128_GCM_SHA256,
69 TLS_RSA_WITH_AES_256_GCM_SHA384:
70 return true
71 }
72 return false
73 }
74
75 func isBoringCurve(id CurveID) bool {
76 switch id {
77 case CurveP256, CurveP384, CurveP521:
78 return true
79 }
80 return false
81 }
82
83 func isECDSA(id uint16) bool {
84 for _, suite := range cipherSuites {
85 if suite.id == id {
86 return suite.flags&suiteECSign == suiteECSign
87 }
88 }
89 panic(fmt.Sprintf("unknown cipher suite %#x", id))
90 }
91
92 func isBoringSignatureScheme(alg SignatureScheme) bool {
93 switch alg {
94 default:
95 return false
96 case PKCS1WithSHA256,
97 ECDSAWithP256AndSHA256,
98 PKCS1WithSHA384,
99 ECDSAWithP384AndSHA384,
100 PKCS1WithSHA512,
101 ECDSAWithP521AndSHA512,
102 PSSWithSHA256,
103 PSSWithSHA384,
104 PSSWithSHA512:
105
106 }
107 return true
108 }
109
110 func TestBoringServerCipherSuites(t *testing.T) {
111 serverConfig := testConfig.Clone()
112 serverConfig.CipherSuites = allCipherSuites()
113 serverConfig.Certificates = make([]Certificate, 1)
114
115 for _, id := range allCipherSuites() {
116 if isECDSA(id) {
117 serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate}
118 serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey
119 } else {
120 serverConfig.Certificates[0].Certificate = [][]byte{testRSACertificate}
121 serverConfig.Certificates[0].PrivateKey = testRSAPrivateKey
122 }
123 serverConfig.BuildNameToCertificate()
124 t.Run(fmt.Sprintf("suite=%#x", id), func(t *testing.T) {
125 clientHello := &clientHelloMsg{
126 vers: VersionTLS12,
127 random: make([]byte, 32),
128 cipherSuites: []uint16{id},
129 compressionMethods: []uint8{compressionNone},
130 supportedCurves: defaultCurvePreferences,
131 supportedPoints: []uint8{pointFormatUncompressed},
132 }
133
134 testClientHello(t, serverConfig, clientHello)
135 t.Run("fipstls", func(t *testing.T) {
136 fipstls.Force()
137 defer fipstls.Abandon()
138 msg := ""
139 if !isBoringCipherSuite(id) {
140 msg = "no cipher suite supported by both client and server"
141 }
142 testClientHelloFailure(t, serverConfig, clientHello, msg)
143 })
144 })
145 }
146 }
147
148 func TestBoringServerCurves(t *testing.T) {
149 serverConfig := testConfig.Clone()
150 serverConfig.Certificates = make([]Certificate, 1)
151 serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate}
152 serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey
153 serverConfig.BuildNameToCertificate()
154
155 for _, curveid := range defaultCurvePreferences {
156 t.Run(fmt.Sprintf("curve=%d", curveid), func(t *testing.T) {
157 clientHello := &clientHelloMsg{
158 vers: VersionTLS12,
159 random: make([]byte, 32),
160 cipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
161 compressionMethods: []uint8{compressionNone},
162 supportedCurves: []CurveID{curveid},
163 supportedPoints: []uint8{pointFormatUncompressed},
164 }
165
166 testClientHello(t, serverConfig, clientHello)
167
168
169 t.Run("fipstls", func(t *testing.T) {
170 fipstls.Force()
171 defer fipstls.Abandon()
172 msg := ""
173 if !isBoringCurve(curveid) {
174 msg = "no cipher suite supported by both client and server"
175 }
176 testClientHelloFailure(t, serverConfig, clientHello, msg)
177 })
178 })
179 }
180 }
181
182 func boringHandshake(t *testing.T, clientConfig, serverConfig *Config) (clientErr, serverErr error) {
183 c, s := localPipe(t)
184 client := Client(c, clientConfig)
185 server := Server(s, serverConfig)
186 done := make(chan error, 1)
187 go func() {
188 done <- client.Handshake()
189 c.Close()
190 }()
191 serverErr = server.Handshake()
192 s.Close()
193 clientErr = <-done
194 return
195 }
196
197 func TestBoringServerSignatureAndHash(t *testing.T) {
198 defer func() {
199 testingOnlyForceClientHelloSignatureAlgorithms = nil
200 }()
201
202 for _, sigHash := range defaultSupportedSignatureAlgorithms {
203 t.Run(fmt.Sprintf("%v", sigHash), func(t *testing.T) {
204 serverConfig := testConfig.Clone()
205 serverConfig.Certificates = make([]Certificate, 1)
206
207 testingOnlyForceClientHelloSignatureAlgorithms = []SignatureScheme{sigHash}
208
209 sigType, _, _ := typeAndHashFromSignatureScheme(sigHash)
210 switch sigType {
211 case signaturePKCS1v15, signatureRSAPSS:
212 serverConfig.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}
213 serverConfig.Certificates[0].Certificate = [][]byte{testRSA2048Certificate}
214 serverConfig.Certificates[0].PrivateKey = testRSA2048PrivateKey
215 case signatureEd25519:
216 serverConfig.CipherSuites = []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}
217 serverConfig.Certificates[0].Certificate = [][]byte{testEd25519Certificate}
218 serverConfig.Certificates[0].PrivateKey = testEd25519PrivateKey
219 case signatureECDSA:
220 serverConfig.CipherSuites = []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}
221 serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate}
222 serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey
223 }
224 serverConfig.BuildNameToCertificate()
225
226
227 serverConfig.MaxVersion = VersionTLS12
228
229 clientErr, serverErr := boringHandshake(t, testConfig, serverConfig)
230 if clientErr != nil {
231 t.Fatalf("expected handshake with %#x to succeed; client error: %v; server error: %v", sigHash, clientErr, serverErr)
232 }
233
234
235 t.Run("fipstls", func(t *testing.T) {
236 fipstls.Force()
237 defer fipstls.Abandon()
238 clientErr, _ := boringHandshake(t, testConfig, serverConfig)
239 if isBoringSignatureScheme(sigHash) {
240 if clientErr != nil {
241 t.Fatalf("expected handshake with %#x to succeed; err=%v", sigHash, clientErr)
242 }
243 } else {
244 if clientErr == nil {
245 t.Fatalf("expected handshake with %#x to fail, but it succeeded", sigHash)
246 }
247 }
248 })
249 })
250 }
251 }
252
253 func TestBoringClientHello(t *testing.T) {
254
255
256 fipstls.Force()
257 defer fipstls.Abandon()
258
259 c, s := net.Pipe()
260 defer c.Close()
261 defer s.Close()
262
263 clientConfig := testConfig.Clone()
264
265 clientConfig.MinVersion = VersionSSL30
266 clientConfig.MaxVersion = VersionTLS13
267 clientConfig.CipherSuites = allCipherSuites()
268 clientConfig.CurvePreferences = defaultCurvePreferences
269
270 go Client(c, clientConfig).Handshake()
271 srv := Server(s, testConfig)
272 msg, err := srv.readHandshake(nil)
273 if err != nil {
274 t.Fatal(err)
275 }
276 hello, ok := msg.(*clientHelloMsg)
277 if !ok {
278 t.Fatalf("unexpected message type %T", msg)
279 }
280
281 if !isBoringVersion(hello.vers) {
282 t.Errorf("client vers=%#x, want %#x (TLS 1.2)", hello.vers, VersionTLS12)
283 }
284 for _, v := range hello.supportedVersions {
285 if !isBoringVersion(v) {
286 t.Errorf("client offered disallowed version %#x", v)
287 }
288 }
289 for _, id := range hello.cipherSuites {
290 if !isBoringCipherSuite(id) {
291 t.Errorf("client offered disallowed suite %#x", id)
292 }
293 }
294 for _, id := range hello.supportedCurves {
295 if !isBoringCurve(id) {
296 t.Errorf("client offered disallowed curve %d", id)
297 }
298 }
299 for _, sigHash := range hello.supportedSignatureAlgorithms {
300 if !isBoringSignatureScheme(sigHash) {
301 t.Errorf("client offered disallowed signature-and-hash %v", sigHash)
302 }
303 }
304 }
305
306 func TestBoringCertAlgs(t *testing.T) {
307
308 if runtime.GOOS == "nacl" || runtime.GOARCH == "arm" || runtime.GOOS == "js" {
309 t.Skipf("skipping on %s/%s because key generation takes too long", runtime.GOOS, runtime.GOARCH)
310 }
311
312
313
314 R1 := boringCert(t, "R1", boringRSAKey(t, 2048), nil, boringCertCA|boringCertFIPSOK)
315 R2 := boringCert(t, "R2", boringRSAKey(t, 512), nil, boringCertCA)
316
317 M1_R1 := boringCert(t, "M1_R1", boringECDSAKey(t, elliptic.P256()), R1, boringCertCA|boringCertFIPSOK)
318 M2_R1 := boringCert(t, "M2_R1", boringECDSAKey(t, elliptic.P224()), R1, boringCertCA)
319
320 I_R1 := boringCert(t, "I_R1", boringRSAKey(t, 3072), R1, boringCertCA|boringCertFIPSOK)
321 I_R2 := boringCert(t, "I_R2", I_R1.key, R2, boringCertCA|boringCertFIPSOK)
322 I_M1 := boringCert(t, "I_M1", I_R1.key, M1_R1, boringCertCA|boringCertFIPSOK)
323 I_M2 := boringCert(t, "I_M2", I_R1.key, M2_R1, boringCertCA|boringCertFIPSOK)
324
325 L1_I := boringCert(t, "L1_I", boringECDSAKey(t, elliptic.P384()), I_R1, boringCertLeaf|boringCertFIPSOK)
326 L2_I := boringCert(t, "L2_I", boringRSAKey(t, 1024), I_R1, boringCertLeaf)
327
328
329 testServerCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) {
330 clientConfig := testConfig.Clone()
331 clientConfig.RootCAs = pool
332 clientConfig.InsecureSkipVerify = false
333 clientConfig.ServerName = "example.com"
334
335 serverConfig := testConfig.Clone()
336 serverConfig.Certificates = []Certificate{{Certificate: list, PrivateKey: key}}
337 serverConfig.BuildNameToCertificate()
338
339 clientErr, _ := boringHandshake(t, clientConfig, serverConfig)
340
341 if (clientErr == nil) == ok {
342 if ok {
343 t.Logf("%s: accept", desc)
344 } else {
345 t.Logf("%s: reject", desc)
346 }
347 } else {
348 if ok {
349 t.Errorf("%s: BAD reject (%v)", desc, clientErr)
350 } else {
351 t.Errorf("%s: BAD accept", desc)
352 }
353 }
354 }
355
356
357 testClientCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) {
358 clientConfig := testConfig.Clone()
359 clientConfig.ServerName = "example.com"
360 clientConfig.Certificates = []Certificate{{Certificate: list, PrivateKey: key}}
361
362 serverConfig := testConfig.Clone()
363 serverConfig.ClientCAs = pool
364 serverConfig.ClientAuth = RequireAndVerifyClientCert
365
366 _, serverErr := boringHandshake(t, clientConfig, serverConfig)
367
368 if (serverErr == nil) == ok {
369 if ok {
370 t.Logf("%s: accept", desc)
371 } else {
372 t.Logf("%s: reject", desc)
373 }
374 } else {
375 if ok {
376 t.Errorf("%s: BAD reject (%v)", desc, serverErr)
377 } else {
378 t.Errorf("%s: BAD accept", desc)
379 }
380 }
381 }
382
383
384
385 r1pool := x509.NewCertPool()
386 r1pool.AddCert(R1.cert)
387 testServerCert(t, "basic", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, true)
388 testClientCert(t, "basic (client cert)", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, true)
389 fipstls.Force()
390 testServerCert(t, "basic (fips)", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, false)
391 testClientCert(t, "basic (fips, client cert)", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, false)
392 fipstls.Abandon()
393
394 if t.Failed() {
395 t.Fatal("basic test failed, skipping exhaustive test")
396 }
397
398 if testing.Short() {
399 t.Logf("basic test passed; skipping exhaustive test in -short mode")
400 return
401 }
402
403 for l := 1; l <= 2; l++ {
404 leaf := L1_I
405 if l == 2 {
406 leaf = L2_I
407 }
408 for i := 0; i < 64; i++ {
409 reachable := map[string]bool{leaf.parentOrg: true}
410 reachableFIPS := map[string]bool{leaf.parentOrg: leaf.fipsOK}
411 list := [][]byte{leaf.der}
412 listName := leaf.name
413 addList := func(cond int, c *boringCertificate) {
414 if cond != 0 {
415 list = append(list, c.der)
416 listName += "," + c.name
417 if reachable[c.org] {
418 reachable[c.parentOrg] = true
419 }
420 if reachableFIPS[c.org] && c.fipsOK {
421 reachableFIPS[c.parentOrg] = true
422 }
423 }
424 }
425 addList(i&1, I_R1)
426 addList(i&2, I_R2)
427 addList(i&4, I_M1)
428 addList(i&8, I_M2)
429 addList(i&16, M1_R1)
430 addList(i&32, M2_R1)
431
432 for r := 1; r <= 3; r++ {
433 pool := x509.NewCertPool()
434 rootName := ","
435 shouldVerify := false
436 shouldVerifyFIPS := false
437 addRoot := func(cond int, c *boringCertificate) {
438 if cond != 0 {
439 rootName += "," + c.name
440 pool.AddCert(c.cert)
441 if reachable[c.org] {
442 shouldVerify = true
443 }
444 if reachableFIPS[c.org] && c.fipsOK {
445 shouldVerifyFIPS = true
446 }
447 }
448 }
449 addRoot(r&1, R1)
450 addRoot(r&2, R2)
451 rootName = rootName[1:]
452 testServerCert(t, listName+"->"+rootName[1:], pool, leaf.key, list, shouldVerify)
453 testClientCert(t, listName+"->"+rootName[1:]+"(client cert)", pool, leaf.key, list, shouldVerify)
454 fipstls.Force()
455 testServerCert(t, listName+"->"+rootName[1:]+" (fips)", pool, leaf.key, list, shouldVerifyFIPS)
456 testClientCert(t, listName+"->"+rootName[1:]+" (fips, client cert)", pool, leaf.key, list, shouldVerifyFIPS)
457 fipstls.Abandon()
458 }
459 }
460 }
461 }
462
463 const (
464 boringCertCA = iota
465 boringCertLeaf
466 boringCertFIPSOK = 0x80
467 )
468
469 func boringRSAKey(t *testing.T, size int) *rsa.PrivateKey {
470 k, err := rsa.GenerateKey(rand.Reader, size)
471 if err != nil {
472 t.Fatal(err)
473 }
474 return k
475 }
476
477 func boringECDSAKey(t *testing.T, curve elliptic.Curve) *ecdsa.PrivateKey {
478 k, err := ecdsa.GenerateKey(curve, rand.Reader)
479 if err != nil {
480 t.Fatal(err)
481 }
482 return k
483 }
484
485 type boringCertificate struct {
486 name string
487 org string
488 parentOrg string
489 der []byte
490 cert *x509.Certificate
491 key interface{}
492 fipsOK bool
493 }
494
495 func boringCert(t *testing.T, name string, key interface{}, parent *boringCertificate, mode int) *boringCertificate {
496 org := name
497 parentOrg := ""
498 if i := strings.Index(org, "_"); i >= 0 {
499 org = org[:i]
500 parentOrg = name[i+1:]
501 }
502 tmpl := &x509.Certificate{
503 SerialNumber: big.NewInt(1),
504 Subject: pkix.Name{
505 Organization: []string{org},
506 },
507 NotBefore: time.Unix(0, 0),
508 NotAfter: time.Unix(0, 0),
509
510 KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
511 ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
512 BasicConstraintsValid: true,
513 }
514 if mode&^boringCertFIPSOK == boringCertLeaf {
515 tmpl.DNSNames = []string{"example.com"}
516 } else {
517 tmpl.IsCA = true
518 tmpl.KeyUsage |= x509.KeyUsageCertSign
519 }
520
521 var pcert *x509.Certificate
522 var pkey interface{}
523 if parent != nil {
524 pcert = parent.cert
525 pkey = parent.key
526 } else {
527 pcert = tmpl
528 pkey = key
529 }
530
531 var pub interface{}
532 switch k := key.(type) {
533 case *rsa.PrivateKey:
534 pub = &k.PublicKey
535 case *ecdsa.PrivateKey:
536 pub = &k.PublicKey
537 default:
538 t.Fatalf("invalid key %T", key)
539 }
540
541 der, err := x509.CreateCertificate(rand.Reader, tmpl, pcert, pub, pkey)
542 if err != nil {
543 t.Fatal(err)
544 }
545 cert, err := x509.ParseCertificate(der)
546 if err != nil {
547 t.Fatal(err)
548 }
549
550 fipsOK := mode&boringCertFIPSOK != 0
551 return &boringCertificate{name, org, parentOrg, der, cert, key, fipsOK}
552 }
553
554
555
556 var (
557 testRSA2048Certificate []byte
558 testRSA2048PrivateKey *rsa.PrivateKey
559 )
560
561 func init() {
562 block, _ := pem.Decode(obscuretestdata.Rot13([]byte(`
563 -----ORTVA PREGVSVPNGR-----
564 ZVVP/mPPNrrtNjVONtVENYUUK/xu4+4mZH9QnemORpDjQDLWXbMVuipANDRYODNj
565 RwRDZN4TN1HRPuZUDJAgMFOQomNrSj0kZGNkZQRkAGN0ZQInSj0lZQRlZwxkAGN0
566 ZQInZOVkRQNBOtAIONbGO0SwoJHtD28jttRvZN0TPFdTFVo3QDRONDHNN4VOQjNj
567 ttRXNbVONDPs8sx0A6vrPOK4VBIVsXvgg4xTpBDYrvzPsfwddUplfZVITRgSFZ6R
568 4Nl141s/7VdqJ0HgVdAo4CKuEBVQ7lQkE284kY6KoPhi/g5uC3HpruLp3uzYvlIq
569 ZxMDvMJgsHHWs/1dBgZ+buAt59YEJc4q+6vK0yn1WY3RjPVpxxAwW9uDoS7Co2PF
570 +RF9Lb55XNnc8XBoycpE8ZOFA38odajwsDqPKiBRBwnz2UHkXmRSK5ZN+sN0zr4P
571 vbPpPEYJXy+TbA9S8sNOsbM+G+2rny4QYhB95eKE8FeBVIOu3KSBe/EIuwgKpAIS
572 MXpiQg6q68I6wNXNLXz5ayw9TCcq4i+eNtZONNTwHQOBZN4TN1HqQjRO/jDRNjVS
573 bQNGOtAIUFHRQQNXOtteOtRSODpQNGNZOtAIUEZONs8RNwNNZOxTN1HqRDDFZOPP
574 QzI4LJ1joTHhM29fLJ5aZN0TPFdTFVo3QDROPjHNN4VONDPBbLfIpSPOuobdr3JU
575 qP6I7KKKRPzawu01e8u80li0AE379aFQ3pj2Z+UXinKlfJdey5uwTIXj0igjQ81e
576 I4WmQh7VsVbt5z8+DAP+7YdQMfm88iQXBefblFIBzHPtzPXSKrj+YN+rB/vDRWGe
577 7rafqqBrKWRc27Rq5iJ+xzJJ3Dztyp2Tjl8jSeZQVdaeaBmON4bPaQRtgKWg0mbt
578 aEjosRZNJv1nDEl5qG9XN3FC9zb5FrGSFmTTUvR4f4tUHr7wifNSS2dtgQ6+jU6f
579 m9o6fukaP7t5VyOXuV7FIO/Hdg2lqW+xU1LowZpVd6ANZ5rAZXtMhWe3+mjfFtju
580 TAnR
581 -----RAQ PREGVSVPNGR-----`)))
582 testRSA2048Certificate = block.Bytes
583
584 block, _ = pem.Decode(obscuretestdata.Rot13([]byte(`
585 -----ORTVA EFN CEVINGR XRL-----
586 ZVVRcNVONNXPNDRNa/U5AQrbattI+PQyFUlbeorWOaQxP3bcta7V6du3ZeQPSEuY
587 EHwBuBNZgrAK/+lXaIgSYFXwJ+Q14HGvN+8t8HqiBZF+y2jee/7rLG91UUbJUA4M
588 v4fyKGWTHVzIeK1SPK/9nweGCdVGLBsF0IdrUshby9WJgFF9kZNvUWWQLlsLHTkr
589 m29txiuRiJXBrFtTdsPwz5nKRsQNHwq/T6c8V30UDy7muQb2cgu1ZFfkOI+GNCaj
590 AWahNbdNaNxF1vcsudQsEsUjNK6Tsx/gazcrNl7wirn10sRdmvSDLq1kGd/0ILL7
591 I3QIEJFaYj7rariSrbjPtTPchM5L/Ew6KrY/djVQNDNONbVONDPAcZMvsq/it42u
592 UqPiYhMnLF0E7FhaSycbKRfygTqYSfac0VsbWM/htSDOFNVVsYjZhzH6bKN1m7Hi
593 98nVLI61QrCeGPQIQSOfUoAzC8WNb8JgohfRojq5mlbO7YLT2+pyxWxyJR73XdHd
594 ezV+HWrlFpy2Tva7MGkOKm1JCOx9IjpajxrnKctNFVOJ23suRPZ9taLRRjnOrm5G
595 6Zr8q1gUgLDi7ifXr7eb9j9/UXeEKrwdLXX1YkxusSevlI+z8YMWMa2aKBn6T3tS
596 Ao8Dx1Hx5CHORAOzlZSWuG4Z/hhFd4LgZeeB2tv8D+sCuhTmp5FfuLXEOc0J4C5e
597 zgIPgRSENbTONZRAOVSYeI2+UfTw0kLSnfXbi/DCr6UFGE1Uu2VMBAc+bX4bfmJR
598 wOG4IpaVGzcy6gP1Jl4TpekwAtXVSMNw+1k1YHHYqbeKxhT8le0gNuT9mAlsJfFl
599 CeFbiP0HIome8Wkkyn+xDIkRDDdJDkCyRIhY8xKnVQN6Ylg1Uchn2YiCNbTONADM
600 p6Yd2G7+OkYkAqv2z8xMmrw5xtmOc/KqIfoSJEyroVK2XeSUfeUmG9CHx3QR1iMX
601 Z6cmGg94aDuJFxQtPnj1FbuRyW3USVSjphfS1FWNp3cDrcq8ht6VLqycQZYgOw/C
602 /5C6OIHgtb05R4+V/G3vLngztyDkGgyM0ExFI2yyNbTONYBKxXSK7nuCis0JxfQu
603 hGshSBGCbbjtDT0RctJ0jEqPkrt/WYvp3yFQ0tfggDI2JfErpelJpknryEt10EzB
604 38OobtzunS4kitfFihwBsvMGR8bX1G43Z+6AXfVyZY3LVYocH/9nWkCJl0f2QdQe
605 pDWuMeyx+cmwON7Oas/HEqjkNbTNXE/PAj14Q+zeY3LYoovPKvlqdkIjki5cqMqm
606 8guv3GApfJP4vTHEqpIdosHvaICqWvKr/Xnp3JTPrEWnSItoXNBkYgv1EO5ZxVut
607 Q8rlhcOdx4J1Y1txekdfqw4GSykxjZljwy2R2F4LlD8COg6I04QbIEMfVXmdm+CS
608 HvbaCd0PtLOPLKidvbWuCrjxBd/L5jeQOrMJ1SDX5DQ9J5Z8/5mkq4eqiWgwuoWc
609 bBegiZqey6hcl9Um4OWQ3SKjISvCSR7wdrAdv0S21ivYkOCZZQ3HBQS6YY5RlYvE
610 9I4kIZF8XKkit7ekfhdmZCfpIvnJHY6JAIOufQ2+92qUkFKmm5RWXD==
611 -----RAQ EFN CEVINGR XRL-----`)))
612 var err error
613 testRSA2048PrivateKey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
614 if err != nil {
615 panic(err)
616 }
617 }
618
View as plain text