crypto_test.go 3.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125
  1. // Copyright 2015 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. package pkcs12
  5. import (
  6. "bytes"
  7. "crypto/x509/pkix"
  8. "encoding/asn1"
  9. "testing"
  10. )
  11. var sha1WithTripleDES = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 12, 1, 3})
  12. func TestPbDecrypterFor(t *testing.T) {
  13. params, _ := asn1.Marshal(pbeParams{
  14. Salt: []byte{1, 2, 3, 4, 5, 6, 7, 8},
  15. Iterations: 2048,
  16. })
  17. alg := pkix.AlgorithmIdentifier{
  18. Algorithm: asn1.ObjectIdentifier([]int{1, 2, 3}),
  19. Parameters: asn1.RawValue{
  20. FullBytes: params,
  21. },
  22. }
  23. pass, _ := bmpString("Sesame open")
  24. _, _, err := pbDecrypterFor(alg, pass)
  25. if _, ok := err.(NotImplementedError); !ok {
  26. t.Errorf("expected not implemented error, got: %T %s", err, err)
  27. }
  28. alg.Algorithm = sha1WithTripleDES
  29. cbc, blockSize, err := pbDecrypterFor(alg, pass)
  30. if err != nil {
  31. t.Errorf("unexpected error from pbDecrypterFor %v", err)
  32. }
  33. if blockSize != 8 {
  34. t.Errorf("unexpected block size %d, wanted 8", blockSize)
  35. }
  36. plaintext := []byte{1, 2, 3, 4, 5, 6, 7, 8}
  37. expectedCiphertext := []byte{185, 73, 135, 249, 137, 1, 122, 247}
  38. ciphertext := make([]byte, len(plaintext))
  39. cbc.CryptBlocks(ciphertext, plaintext)
  40. if bytes.Compare(ciphertext, expectedCiphertext) != 0 {
  41. t.Errorf("bad ciphertext, got %x but wanted %x", ciphertext, expectedCiphertext)
  42. }
  43. }
  44. var pbDecryptTests = []struct {
  45. in []byte
  46. expected []byte
  47. expectedError error
  48. }{
  49. {
  50. []byte("\x33\x73\xf3\x9f\xda\x49\xae\xfc\xa0\x9a\xdf\x5a\x58\xa0\xea\x46"), // 7 padding bytes
  51. []byte("A secret!"),
  52. nil,
  53. },
  54. {
  55. []byte("\x33\x73\xf3\x9f\xda\x49\xae\xfc\x96\x24\x2f\x71\x7e\x32\x3f\xe7"), // 8 padding bytes
  56. []byte("A secret"),
  57. nil,
  58. },
  59. {
  60. []byte("\x35\x0c\xc0\x8d\xab\xa9\x5d\x30\x7f\x9a\xec\x6a\xd8\x9b\x9c\xd9"), // 9 padding bytes, incorrect
  61. nil,
  62. ErrDecryption,
  63. },
  64. {
  65. []byte("\xb2\xf9\x6e\x06\x60\xae\x20\xcf\x08\xa0\x7b\xd9\x6b\x20\xef\x41"), // incorrect padding bytes: [ ... 0x04 0x02 ]
  66. nil,
  67. ErrDecryption,
  68. },
  69. }
  70. func TestPbDecrypt(t *testing.T) {
  71. for i, test := range pbDecryptTests {
  72. decryptable := testDecryptable{
  73. data: test.in,
  74. algorithm: pkix.AlgorithmIdentifier{
  75. Algorithm: sha1WithTripleDES,
  76. Parameters: pbeParams{
  77. Salt: []byte("\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8"),
  78. Iterations: 4096,
  79. }.RawASN1(),
  80. },
  81. }
  82. password, _ := bmpString("sesame")
  83. plaintext, err := pbDecrypt(decryptable, password)
  84. if err != test.expectedError {
  85. t.Errorf("#%d: got error %q, but wanted %q", i, err, test.expectedError)
  86. continue
  87. }
  88. if !bytes.Equal(plaintext, test.expected) {
  89. t.Errorf("#%d: got %x, but wanted %x", i, plaintext, test.expected)
  90. }
  91. }
  92. }
  93. type testDecryptable struct {
  94. data []byte
  95. algorithm pkix.AlgorithmIdentifier
  96. }
  97. func (d testDecryptable) Algorithm() pkix.AlgorithmIdentifier { return d.algorithm }
  98. func (d testDecryptable) Data() []byte { return d.data }
  99. func (params pbeParams) RawASN1() (raw asn1.RawValue) {
  100. asn1Bytes, err := asn1.Marshal(params)
  101. if err != nil {
  102. panic(err)
  103. }
  104. _, err = asn1.Unmarshal(asn1Bytes, &raw)
  105. if err != nil {
  106. panic(err)
  107. }
  108. return
  109. }