1
2
3
4
5 package packet
6
7 import (
8 "bytes"
9 "crypto"
10 "crypto/rsa"
11 "encoding/hex"
12 "fmt"
13 "io"
14 "math/big"
15 "testing"
16 )
17
18 func bigFromBase10(s string) *big.Int {
19 b, ok := new(big.Int).SetString(s, 10)
20 if !ok {
21 panic("bigFromBase10 failed")
22 }
23 return b
24 }
25
26 var encryptedKeyPub = rsa.PublicKey{
27 E: 65537,
28 N: bigFromBase10("115804063926007623305902631768113868327816898845124614648849934718568541074358183759250136204762053879858102352159854352727097033322663029387610959884180306668628526686121021235757016368038585212410610742029286439607686208110250133174279811431933746643015923132833417396844716207301518956640020862630546868823"),
29 }
30
31 var encryptedKeyRSAPriv = &rsa.PrivateKey{
32 PublicKey: encryptedKeyPub,
33 D: bigFromBase10("32355588668219869544751561565313228297765464314098552250409557267371233892496951383426602439009993875125222579159850054973310859166139474359774543943714622292329487391199285040721944491839695981199720170366763547754915493640685849961780092241140181198779299712578774460837139360803883139311171713302987058393"),
34 }
35
36 var encryptedKeyPriv = &PrivateKey{
37 PublicKey: PublicKey{
38 PubKeyAlgo: PubKeyAlgoRSA,
39 },
40 PrivateKey: encryptedKeyRSAPriv,
41 }
42
43 func TestDecryptingEncryptedKey(t *testing.T) {
44 for i, encryptedKeyHex := range []string{
45 "c18c032a67d68660df41c70104005789d0de26b6a50c985a02a13131ca829c413a35d0e6fa8d6842599252162808ac7439c72151c8c6183e76923fe3299301414d0c25a2f06a2257db3839e7df0ec964773f6e4c4ac7ff3b48c444237166dd46ba8ff443a5410dc670cb486672fdbe7c9dfafb75b4fea83af3a204fe2a7dfa86bd20122b4f3d2646cbeecb8f7be8",
46
47 "c18b032a67d68660df41c70103f8e520c52ae9807183c669ce26e772e482dc5d8cf60e6f59316e145be14d2e5221ee69550db1d5618a8cb002a719f1f0b9345bde21536d410ec90ba86cac37748dec7933eb7f9873873b2d61d3321d1cd44535014f6df58f7bc0c7afb5edc38e1a974428997d2f747f9a173bea9ca53079b409517d332df62d805564cffc9be6",
48 } {
49 const expectedKeyHex = "d930363f7e0308c333b9618617ea728963d8df993665ae7be1092d4926fd864b"
50
51 p, err := Read(readerFromHex(encryptedKeyHex))
52 if err != nil {
53 t.Errorf("#%d: error from Read: %s", i, err)
54 return
55 }
56 ek, ok := p.(*EncryptedKey)
57 if !ok {
58 t.Errorf("#%d: didn't parse an EncryptedKey, got %#v", i, p)
59 return
60 }
61
62 if ek.KeyId != 0x2a67d68660df41c7 || ek.Algo != PubKeyAlgoRSA {
63 t.Errorf("#%d: unexpected EncryptedKey contents: %#v", i, ek)
64 return
65 }
66
67 err = ek.Decrypt(encryptedKeyPriv, nil)
68 if err != nil {
69 t.Errorf("#%d: error from Decrypt: %s", i, err)
70 return
71 }
72
73 if ek.CipherFunc != CipherAES256 {
74 t.Errorf("#%d: unexpected EncryptedKey contents: %#v", i, ek)
75 return
76 }
77
78 keyHex := fmt.Sprintf("%x", ek.Key)
79 if keyHex != expectedKeyHex {
80 t.Errorf("#%d: bad key, got %s want %s", i, keyHex, expectedKeyHex)
81 }
82 }
83 }
84
85 type rsaDecrypter struct {
86 rsaPrivateKey *rsa.PrivateKey
87 decryptCount int
88 }
89
90 func (r *rsaDecrypter) Public() crypto.PublicKey {
91 return &r.rsaPrivateKey.PublicKey
92 }
93
94 func (r *rsaDecrypter) Decrypt(rand io.Reader, msg []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error) {
95 r.decryptCount++
96 return r.rsaPrivateKey.Decrypt(rand, msg, opts)
97 }
98
99 func TestRSADecrypter(t *testing.T) {
100 const encryptedKeyHex = "c18c032a67d68660df41c70104005789d0de26b6a50c985a02a13131ca829c413a35d0e6fa8d6842599252162808ac7439c72151c8c6183e76923fe3299301414d0c25a2f06a2257db3839e7df0ec964773f6e4c4ac7ff3b48c444237166dd46ba8ff443a5410dc670cb486672fdbe7c9dfafb75b4fea83af3a204fe2a7dfa86bd20122b4f3d2646cbeecb8f7be8"
101
102 const expectedKeyHex = "d930363f7e0308c333b9618617ea728963d8df993665ae7be1092d4926fd864b"
103
104 p, err := Read(readerFromHex(encryptedKeyHex))
105 if err != nil {
106 t.Errorf("error from Read: %s", err)
107 return
108 }
109 ek, ok := p.(*EncryptedKey)
110 if !ok {
111 t.Errorf("didn't parse an EncryptedKey, got %#v", p)
112 return
113 }
114
115 if ek.KeyId != 0x2a67d68660df41c7 || ek.Algo != PubKeyAlgoRSA {
116 t.Errorf("unexpected EncryptedKey contents: %#v", ek)
117 return
118 }
119
120 customDecrypter := &rsaDecrypter{
121 rsaPrivateKey: encryptedKeyRSAPriv,
122 }
123
124 customKeyPriv := &PrivateKey{
125 PublicKey: PublicKey{
126 PubKeyAlgo: PubKeyAlgoRSA,
127 },
128 PrivateKey: customDecrypter,
129 }
130
131 err = ek.Decrypt(customKeyPriv, nil)
132 if err != nil {
133 t.Errorf("error from Decrypt: %s", err)
134 return
135 }
136
137 if ek.CipherFunc != CipherAES256 {
138 t.Errorf("unexpected EncryptedKey contents: %#v", ek)
139 return
140 }
141
142 keyHex := fmt.Sprintf("%x", ek.Key)
143 if keyHex != expectedKeyHex {
144 t.Errorf("bad key, got %s want %s", keyHex, expectedKeyHex)
145 }
146
147 if customDecrypter.decryptCount != 1 {
148 t.Errorf("Expected customDecrypter.Decrypt() to be called 1 time, but was called %d times", customDecrypter.decryptCount)
149 }
150 }
151
152 func TestEncryptingEncryptedKey(t *testing.T) {
153 key := []byte{1, 2, 3, 4}
154 const expectedKeyHex = "01020304"
155 const keyId = 42
156
157 pub := &PublicKey{
158 PublicKey: &encryptedKeyPub,
159 KeyId: keyId,
160 PubKeyAlgo: PubKeyAlgoRSAEncryptOnly,
161 }
162
163 buf := new(bytes.Buffer)
164 err := SerializeEncryptedKey(buf, pub, CipherAES128, key, nil)
165 if err != nil {
166 t.Errorf("error writing encrypted key packet: %s", err)
167 }
168
169 p, err := Read(buf)
170 if err != nil {
171 t.Errorf("error from Read: %s", err)
172 return
173 }
174 ek, ok := p.(*EncryptedKey)
175 if !ok {
176 t.Errorf("didn't parse an EncryptedKey, got %#v", p)
177 return
178 }
179
180 if ek.KeyId != keyId || ek.Algo != PubKeyAlgoRSAEncryptOnly {
181 t.Errorf("unexpected EncryptedKey contents: %#v", ek)
182 return
183 }
184
185 err = ek.Decrypt(encryptedKeyPriv, nil)
186 if err != nil {
187 t.Errorf("error from Decrypt: %s", err)
188 return
189 }
190
191 if ek.CipherFunc != CipherAES128 {
192 t.Errorf("unexpected EncryptedKey contents: %#v", ek)
193 return
194 }
195
196 keyHex := fmt.Sprintf("%x", ek.Key)
197 if keyHex != expectedKeyHex {
198 t.Errorf("bad key, got %s want %s", keyHex, expectedKeyHex)
199 }
200 }
201
202 func TestSerializingEncryptedKey(t *testing.T) {
203 const encryptedKeyHex = "c18c032a67d68660df41c70104005789d0de26b6a50c985a02a13131ca829c413a35d0e6fa8d6842599252162808ac7439c72151c8c6183e76923fe3299301414d0c25a2f06a2257db3839e7df0ec964773f6e4c4ac7ff3b48c444237166dd46ba8ff443a5410dc670cb486672fdbe7c9dfafb75b4fea83af3a204fe2a7dfa86bd20122b4f3d2646cbeecb8f7be8"
204
205 p, err := Read(readerFromHex(encryptedKeyHex))
206 if err != nil {
207 t.Fatalf("error from Read: %s", err)
208 }
209 ek, ok := p.(*EncryptedKey)
210 if !ok {
211 t.Fatalf("didn't parse an EncryptedKey, got %#v", p)
212 }
213
214 var buf bytes.Buffer
215 ek.Serialize(&buf)
216
217 if bufHex := hex.EncodeToString(buf.Bytes()); bufHex != encryptedKeyHex {
218 t.Fatalf("serialization of encrypted key differed from original. Original was %s, but reserialized as %s", encryptedKeyHex, bufHex)
219 }
220 }
221
View as plain text