1
2
3
4
5 package packet
6
7 import (
8 "bytes"
9 "encoding/hex"
10 "fmt"
11 "io"
12 "math/big"
13 "testing"
14
15 "crypto"
16 "crypto/rsa"
17 )
18
19 func bigFromBase10(s string) *big.Int {
20 b, ok := new(big.Int).SetString(s, 10)
21 if !ok {
22 panic("bigFromBase10 failed")
23 }
24 return b
25 }
26
27 var encryptedKeyPub = rsa.PublicKey{
28 E: 65537,
29 N: bigFromBase10("115804063926007623305902631768113868327816898845124614648849934718568541074358183759250136204762053879858102352159854352727097033322663029387610959884180306668628526686121021235757016368038585212410610742029286439607686208110250133174279811431933746643015923132833417396844716207301518956640020862630546868823"),
30 }
31
32 var encryptedKeyRSAPriv = &rsa.PrivateKey{
33 PublicKey: encryptedKeyPub,
34 D: bigFromBase10("32355588668219869544751561565313228297765464314098552250409557267371233892496951383426602439009993875125222579159850054973310859166139474359774543943714622292329487391199285040721944491839695981199720170366763547754915493640685849961780092241140181198779299712578774460837139360803883139311171713302987058393"),
35 }
36
37 var encryptedKeyPriv = &PrivateKey{
38 PublicKey: PublicKey{
39 PubKeyAlgo: PubKeyAlgoRSA,
40 KeyId: 0x2a67d68660df41c7,
41 },
42 PrivateKey: encryptedKeyRSAPriv,
43 }
44
45 func TestDecryptingEncryptedKey(t *testing.T) {
46 for i, encryptedKeyHex := range []string{
47 "c18c032a67d68660df41c70104005789d0de26b6a50c985a02a13131ca829c413a35d0e6fa8d6842599252162808ac7439c72151c8c6183e76923fe3299301414d0c25a2f06a2257db3839e7df0ec964773f6e4c4ac7ff3b48c444237166dd46ba8ff443a5410dc670cb486672fdbe7c9dfafb75b4fea83af3a204fe2a7dfa86bd20122b4f3d2646cbeecb8f7be8",
48
49 "c18b032a67d68660df41c70103f8e520c52ae9807183c669ce26e772e482dc5d8cf60e6f59316e145be14d2e5221ee69550db1d5618a8cb002a719f1f0b9345bde21536d410ec90ba86cac37748dec7933eb7f9873873b2d61d3321d1cd44535014f6df58f7bc0c7afb5edc38e1a974428997d2f747f9a173bea9ca53079b409517d332df62d805564cffc9be6",
50 } {
51 const expectedKeyHex = "d930363f7e0308c333b9618617ea728963d8df993665ae7be1092d4926fd864b"
52
53 p, err := Read(readerFromHex(encryptedKeyHex))
54 if err != nil {
55 t.Errorf("#%d: error from Read: %s", i, err)
56 return
57 }
58 ek, ok := p.(*EncryptedKey)
59 if !ok {
60 t.Errorf("#%d: didn't parse an EncryptedKey, got %#v", i, p)
61 return
62 }
63
64 if ek.KeyId != 0x2a67d68660df41c7 || ek.Algo != PubKeyAlgoRSA {
65 t.Errorf("#%d: unexpected EncryptedKey contents: %#v", i, ek)
66 return
67 }
68
69 err = ek.Decrypt(encryptedKeyPriv, nil)
70 if err != nil {
71 t.Errorf("#%d: error from Decrypt: %s", i, err)
72 return
73 }
74
75 if ek.CipherFunc != CipherAES256 {
76 t.Errorf("#%d: unexpected EncryptedKey contents: %#v", i, ek)
77 return
78 }
79
80 keyHex := fmt.Sprintf("%x", ek.Key)
81 if keyHex != expectedKeyHex {
82 t.Errorf("#%d: bad key, got %s want %s", i, keyHex, expectedKeyHex)
83 }
84 }
85 }
86
87 type rsaDecrypter struct {
88 rsaPrivateKey *rsa.PrivateKey
89 decryptCount int
90 }
91
92 func (r *rsaDecrypter) Public() crypto.PublicKey {
93 return &r.rsaPrivateKey.PublicKey
94 }
95
96 func (r *rsaDecrypter) Decrypt(rand io.Reader, msg []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error) {
97 r.decryptCount++
98 return r.rsaPrivateKey.Decrypt(rand, msg, opts)
99 }
100
101 func TestRSADecrypter(t *testing.T) {
102 const encryptedKeyHex = "c18c032a67d68660df41c70104005789d0de26b6a50c985a02a13131ca829c413a35d0e6fa8d6842599252162808ac7439c72151c8c6183e76923fe3299301414d0c25a2f06a2257db3839e7df0ec964773f6e4c4ac7ff3b48c444237166dd46ba8ff443a5410dc670cb486672fdbe7c9dfafb75b4fea83af3a204fe2a7dfa86bd20122b4f3d2646cbeecb8f7be8"
103
104 const expectedKeyHex = "d930363f7e0308c333b9618617ea728963d8df993665ae7be1092d4926fd864b"
105
106 p, err := Read(readerFromHex(encryptedKeyHex))
107 if err != nil {
108 t.Errorf("error from Read: %s", err)
109 return
110 }
111 ek, ok := p.(*EncryptedKey)
112 if !ok {
113 t.Errorf("didn't parse an EncryptedKey, got %#v", p)
114 return
115 }
116
117 if ek.KeyId != 0x2a67d68660df41c7 || ek.Algo != PubKeyAlgoRSA {
118 t.Errorf("unexpected EncryptedKey contents: %#v", ek)
119 return
120 }
121
122 customDecrypter := &rsaDecrypter{
123 rsaPrivateKey: encryptedKeyRSAPriv,
124 }
125
126 customKeyPriv := &PrivateKey{
127 PublicKey: PublicKey{
128 KeyId: ek.KeyId,
129 PubKeyAlgo: PubKeyAlgoRSA,
130 },
131 PrivateKey: customDecrypter,
132 }
133
134 err = ek.Decrypt(customKeyPriv, nil)
135 if err != nil {
136 t.Errorf("error from Decrypt: %s", err)
137 return
138 }
139
140 if ek.CipherFunc != CipherAES256 {
141 t.Errorf("unexpected EncryptedKey contents: %#v", ek)
142 return
143 }
144
145 keyHex := fmt.Sprintf("%x", ek.Key)
146 if keyHex != expectedKeyHex {
147 t.Errorf("bad key, got %s want %s", keyHex, expectedKeyHex)
148 }
149
150 if customDecrypter.decryptCount != 1 {
151 t.Errorf("Expected customDecrypter.Decrypt() to be called 1 time, but was called %d times", customDecrypter.decryptCount)
152 }
153 }
154
155 func TestEncryptingEncryptedKey(t *testing.T) {
156 key := []byte{1, 2, 3, 4}
157 const expectedKeyHex = "01020304"
158 const keyId = 0x2a67d68660df41c7
159
160 pub := &PublicKey{
161 PublicKey: &encryptedKeyPub,
162 KeyId: keyId,
163 PubKeyAlgo: PubKeyAlgoRSA,
164 }
165
166 buf := new(bytes.Buffer)
167 err := SerializeEncryptedKey(buf, pub, CipherAES128, key, nil)
168 if err != nil {
169 t.Errorf("error writing encrypted key packet: %s", err)
170 }
171
172 p, err := Read(buf)
173 if err != nil {
174 t.Errorf("error from Read: %s", err)
175 return
176 }
177 ek, ok := p.(*EncryptedKey)
178 if !ok {
179 t.Errorf("didn't parse an EncryptedKey, got %#v", p)
180 return
181 }
182
183 if ek.KeyId != keyId || ek.Algo != PubKeyAlgoRSA {
184 t.Errorf("unexpected EncryptedKey contents: %#v", ek)
185 return
186 }
187
188 err = ek.Decrypt(encryptedKeyPriv, nil)
189 if err != nil {
190 t.Errorf("error from Decrypt: %s", err)
191 return
192 }
193
194 if ek.CipherFunc != CipherAES128 {
195 t.Errorf("unexpected EncryptedKey contents: %#v", ek)
196 return
197 }
198
199 keyHex := fmt.Sprintf("%x", ek.Key)
200 if keyHex != expectedKeyHex {
201 t.Errorf("bad key, got %s want %s", keyHex, expectedKeyHex)
202 }
203 }
204
205 func TestSerializingEncryptedKey(t *testing.T) {
206 const encryptedKeyHex = "c18c032a67d68660df41c70104005789d0de26b6a50c985a02a13131ca829c413a35d0e6fa8d6842599252162808ac7439c72151c8c6183e76923fe3299301414d0c25a2f06a2257db3839e7df0ec964773f6e4c4ac7ff3b48c444237166dd46ba8ff443a5410dc670cb486672fdbe7c9dfafb75b4fea83af3a204fe2a7dfa86bd20122b4f3d2646cbeecb8f7be8"
207
208 p, err := Read(readerFromHex(encryptedKeyHex))
209 if err != nil {
210 t.Fatalf("error from Read: %s", err)
211 }
212 ek, ok := p.(*EncryptedKey)
213 if !ok {
214 t.Fatalf("didn't parse an EncryptedKey, got %#v", p)
215 }
216
217 var buf bytes.Buffer
218 err = ek.Serialize(&buf)
219 if err != nil {
220 panic(err)
221 }
222
223 if bufHex := hex.EncodeToString(buf.Bytes()); bufHex != encryptedKeyHex {
224 t.Fatalf("serialization of encrypted key differed from original. Original was %s, but reserialized as %s", encryptedKeyHex, bufHex)
225 }
226 }
227
View as plain text