1// Copyright 2011 The Go Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style
3// license that can be found in the LICENSE file.
4
5package packet
6
7import (
8	"bytes"
9	"crypto"
10	"crypto/rsa"
11	"encoding/hex"
12	"fmt"
13	"io"
14	"math/big"
15	"testing"
16)
17
18func bigFromBase10(s string) *big.Int {
19	b, ok := new(big.Int).SetString(s, 10)
20	if !ok {
21		panic("bigFromBase10 failed")
22	}
23	return b
24}
25
26var encryptedKeyPub = rsa.PublicKey{
27	E: 65537,
28	N: bigFromBase10("115804063926007623305902631768113868327816898845124614648849934718568541074358183759250136204762053879858102352159854352727097033322663029387610959884180306668628526686121021235757016368038585212410610742029286439607686208110250133174279811431933746643015923132833417396844716207301518956640020862630546868823"),
29}
30
31var encryptedKeyRSAPriv = &rsa.PrivateKey{
32	PublicKey: encryptedKeyPub,
33	D:         bigFromBase10("32355588668219869544751561565313228297765464314098552250409557267371233892496951383426602439009993875125222579159850054973310859166139474359774543943714622292329487391199285040721944491839695981199720170366763547754915493640685849961780092241140181198779299712578774460837139360803883139311171713302987058393"),
34}
35
36var encryptedKeyPriv = &PrivateKey{
37	PublicKey: PublicKey{
38		PubKeyAlgo: PubKeyAlgoRSA,
39	},
40	PrivateKey: encryptedKeyRSAPriv,
41}
42
43func TestDecryptingEncryptedKey(t *testing.T) {
44	for i, encryptedKeyHex := range []string{
45		"c18c032a67d68660df41c70104005789d0de26b6a50c985a02a13131ca829c413a35d0e6fa8d6842599252162808ac7439c72151c8c6183e76923fe3299301414d0c25a2f06a2257db3839e7df0ec964773f6e4c4ac7ff3b48c444237166dd46ba8ff443a5410dc670cb486672fdbe7c9dfafb75b4fea83af3a204fe2a7dfa86bd20122b4f3d2646cbeecb8f7be8",
46		// MPI can be shorter than the length of the key.
47		"c18b032a67d68660df41c70103f8e520c52ae9807183c669ce26e772e482dc5d8cf60e6f59316e145be14d2e5221ee69550db1d5618a8cb002a719f1f0b9345bde21536d410ec90ba86cac37748dec7933eb7f9873873b2d61d3321d1cd44535014f6df58f7bc0c7afb5edc38e1a974428997d2f747f9a173bea9ca53079b409517d332df62d805564cffc9be6",
48	} {
49		const expectedKeyHex = "d930363f7e0308c333b9618617ea728963d8df993665ae7be1092d4926fd864b"
50
51		p, err := Read(readerFromHex(encryptedKeyHex))
52		if err != nil {
53			t.Errorf("#%d: error from Read: %s", i, err)
54			return
55		}
56		ek, ok := p.(*EncryptedKey)
57		if !ok {
58			t.Errorf("#%d: didn't parse an EncryptedKey, got %#v", i, p)
59			return
60		}
61
62		if ek.KeyId != 0x2a67d68660df41c7 || ek.Algo != PubKeyAlgoRSA {
63			t.Errorf("#%d: unexpected EncryptedKey contents: %#v", i, ek)
64			return
65		}
66
67		err = ek.Decrypt(encryptedKeyPriv, nil)
68		if err != nil {
69			t.Errorf("#%d: error from Decrypt: %s", i, err)
70			return
71		}
72
73		if ek.CipherFunc != CipherAES256 {
74			t.Errorf("#%d: unexpected EncryptedKey contents: %#v", i, ek)
75			return
76		}
77
78		keyHex := fmt.Sprintf("%x", ek.Key)
79		if keyHex != expectedKeyHex {
80			t.Errorf("#%d: bad key, got %s want %s", i, keyHex, expectedKeyHex)
81		}
82	}
83}
84
85type rsaDecrypter struct {
86	rsaPrivateKey *rsa.PrivateKey
87	decryptCount  int
88}
89
90func (r *rsaDecrypter) Public() crypto.PublicKey {
91	return &r.rsaPrivateKey.PublicKey
92}
93
94func (r *rsaDecrypter) Decrypt(rand io.Reader, msg []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error) {
95	r.decryptCount++
96	return r.rsaPrivateKey.Decrypt(rand, msg, opts)
97}
98
99func TestRSADecrypter(t *testing.T) {
100	const encryptedKeyHex = "c18c032a67d68660df41c70104005789d0de26b6a50c985a02a13131ca829c413a35d0e6fa8d6842599252162808ac7439c72151c8c6183e76923fe3299301414d0c25a2f06a2257db3839e7df0ec964773f6e4c4ac7ff3b48c444237166dd46ba8ff443a5410dc670cb486672fdbe7c9dfafb75b4fea83af3a204fe2a7dfa86bd20122b4f3d2646cbeecb8f7be8"
101
102	const expectedKeyHex = "d930363f7e0308c333b9618617ea728963d8df993665ae7be1092d4926fd864b"
103
104	p, err := Read(readerFromHex(encryptedKeyHex))
105	if err != nil {
106		t.Errorf("error from Read: %s", err)
107		return
108	}
109	ek, ok := p.(*EncryptedKey)
110	if !ok {
111		t.Errorf("didn't parse an EncryptedKey, got %#v", p)
112		return
113	}
114
115	if ek.KeyId != 0x2a67d68660df41c7 || ek.Algo != PubKeyAlgoRSA {
116		t.Errorf("unexpected EncryptedKey contents: %#v", ek)
117		return
118	}
119
120	customDecrypter := &rsaDecrypter{
121		rsaPrivateKey: encryptedKeyRSAPriv,
122	}
123
124	customKeyPriv := &PrivateKey{
125		PublicKey: PublicKey{
126			PubKeyAlgo: PubKeyAlgoRSA,
127		},
128		PrivateKey: customDecrypter,
129	}
130
131	err = ek.Decrypt(customKeyPriv, nil)
132	if err != nil {
133		t.Errorf("error from Decrypt: %s", err)
134		return
135	}
136
137	if ek.CipherFunc != CipherAES256 {
138		t.Errorf("unexpected EncryptedKey contents: %#v", ek)
139		return
140	}
141
142	keyHex := fmt.Sprintf("%x", ek.Key)
143	if keyHex != expectedKeyHex {
144		t.Errorf("bad key, got %s want %s", keyHex, expectedKeyHex)
145	}
146
147	if customDecrypter.decryptCount != 1 {
148		t.Errorf("Expected customDecrypter.Decrypt() to be called 1 time, but was called %d times", customDecrypter.decryptCount)
149	}
150}
151
152func TestEncryptingEncryptedKey(t *testing.T) {
153	key := []byte{1, 2, 3, 4}
154	const expectedKeyHex = "01020304"
155	const keyId = 42
156
157	pub := &PublicKey{
158		PublicKey:  &encryptedKeyPub,
159		KeyId:      keyId,
160		PubKeyAlgo: PubKeyAlgoRSAEncryptOnly,
161	}
162
163	buf := new(bytes.Buffer)
164	err := SerializeEncryptedKey(buf, pub, CipherAES128, key, nil)
165	if err != nil {
166		t.Errorf("error writing encrypted key packet: %s", err)
167	}
168
169	p, err := Read(buf)
170	if err != nil {
171		t.Errorf("error from Read: %s", err)
172		return
173	}
174	ek, ok := p.(*EncryptedKey)
175	if !ok {
176		t.Errorf("didn't parse an EncryptedKey, got %#v", p)
177		return
178	}
179
180	if ek.KeyId != keyId || ek.Algo != PubKeyAlgoRSAEncryptOnly {
181		t.Errorf("unexpected EncryptedKey contents: %#v", ek)
182		return
183	}
184
185	err = ek.Decrypt(encryptedKeyPriv, nil)
186	if err != nil {
187		t.Errorf("error from Decrypt: %s", err)
188		return
189	}
190
191	if ek.CipherFunc != CipherAES128 {
192		t.Errorf("unexpected EncryptedKey contents: %#v", ek)
193		return
194	}
195
196	keyHex := fmt.Sprintf("%x", ek.Key)
197	if keyHex != expectedKeyHex {
198		t.Errorf("bad key, got %s want %s", keyHex, expectedKeyHex)
199	}
200}
201
202func TestSerializingEncryptedKey(t *testing.T) {
203	const encryptedKeyHex = "c18c032a67d68660df41c70104005789d0de26b6a50c985a02a13131ca829c413a35d0e6fa8d6842599252162808ac7439c72151c8c6183e76923fe3299301414d0c25a2f06a2257db3839e7df0ec964773f6e4c4ac7ff3b48c444237166dd46ba8ff443a5410dc670cb486672fdbe7c9dfafb75b4fea83af3a204fe2a7dfa86bd20122b4f3d2646cbeecb8f7be8"
204
205	p, err := Read(readerFromHex(encryptedKeyHex))
206	if err != nil {
207		t.Fatalf("error from Read: %s", err)
208	}
209	ek, ok := p.(*EncryptedKey)
210	if !ok {
211		t.Fatalf("didn't parse an EncryptedKey, got %#v", p)
212	}
213
214	var buf bytes.Buffer
215	ek.Serialize(&buf)
216
217	if bufHex := hex.EncodeToString(buf.Bytes()); bufHex != encryptedKeyHex {
218		t.Fatalf("serialization of encrypted key differed from original. Original was %s, but reserialized as %s", encryptedKeyHex, bufHex)
219	}
220}
221