1// Copyright 2015 The Go Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style 3// license that can be found in the LICENSE file. 4 5package pkcs12 6 7import ( 8 "bytes" 9 "crypto/x509/pkix" 10 "encoding/asn1" 11 "testing" 12) 13 14var sha1WithTripleDES = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 12, 1, 3}) 15 16func TestPbDecrypterFor(t *testing.T) { 17 params, _ := asn1.Marshal(pbeParams{ 18 Salt: []byte{1, 2, 3, 4, 5, 6, 7, 8}, 19 Iterations: 2048, 20 }) 21 alg := pkix.AlgorithmIdentifier{ 22 Algorithm: asn1.ObjectIdentifier([]int{1, 2, 3}), 23 Parameters: asn1.RawValue{ 24 FullBytes: params, 25 }, 26 } 27 28 pass, _ := bmpString("Sesame open") 29 30 _, _, err := pbDecrypterFor(alg, pass) 31 if _, ok := err.(NotImplementedError); !ok { 32 t.Errorf("expected not implemented error, got: %T %s", err, err) 33 } 34 35 alg.Algorithm = sha1WithTripleDES 36 cbc, blockSize, err := pbDecrypterFor(alg, pass) 37 if err != nil { 38 t.Errorf("unexpected error from pbDecrypterFor %v", err) 39 } 40 if blockSize != 8 { 41 t.Errorf("unexpected block size %d, wanted 8", blockSize) 42 } 43 44 plaintext := []byte{1, 2, 3, 4, 5, 6, 7, 8} 45 expectedCiphertext := []byte{185, 73, 135, 249, 137, 1, 122, 247} 46 ciphertext := make([]byte, len(plaintext)) 47 cbc.CryptBlocks(ciphertext, plaintext) 48 49 if bytes.Compare(ciphertext, expectedCiphertext) != 0 { 50 t.Errorf("bad ciphertext, got %x but wanted %x", ciphertext, expectedCiphertext) 51 } 52} 53 54var pbDecryptTests = []struct { 55 in []byte 56 expected []byte 57 expectedError error 58}{ 59 { 60 []byte("\x33\x73\xf3\x9f\xda\x49\xae\xfc\xa0\x9a\xdf\x5a\x58\xa0\xea\x46"), // 7 padding bytes 61 []byte("A secret!"), 62 nil, 63 }, 64 { 65 []byte("\x33\x73\xf3\x9f\xda\x49\xae\xfc\x96\x24\x2f\x71\x7e\x32\x3f\xe7"), // 8 padding bytes 66 []byte("A secret"), 67 nil, 68 }, 69 { 70 []byte("\x35\x0c\xc0\x8d\xab\xa9\x5d\x30\x7f\x9a\xec\x6a\xd8\x9b\x9c\xd9"), // 9 padding bytes, incorrect 71 nil, 72 ErrDecryption, 73 }, 74 { 75 []byte("\xb2\xf9\x6e\x06\x60\xae\x20\xcf\x08\xa0\x7b\xd9\x6b\x20\xef\x41"), // incorrect padding bytes: [ ... 0x04 0x02 ] 76 nil, 77 ErrDecryption, 78 }, 79} 80 81func TestPbDecrypt(t *testing.T) { 82 for i, test := range pbDecryptTests { 83 decryptable := testDecryptable{ 84 data: test.in, 85 algorithm: pkix.AlgorithmIdentifier{ 86 Algorithm: sha1WithTripleDES, 87 Parameters: pbeParams{ 88 Salt: []byte("\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8"), 89 Iterations: 4096, 90 }.RawASN1(), 91 }, 92 } 93 password, _ := bmpString("sesame") 94 95 plaintext, err := pbDecrypt(decryptable, password) 96 if err != test.expectedError { 97 t.Errorf("#%d: got error %q, but wanted %q", i, err, test.expectedError) 98 continue 99 } 100 101 if !bytes.Equal(plaintext, test.expected) { 102 t.Errorf("#%d: got %x, but wanted %x", i, plaintext, test.expected) 103 } 104 } 105} 106 107type testDecryptable struct { 108 data []byte 109 algorithm pkix.AlgorithmIdentifier 110} 111 112func (d testDecryptable) Algorithm() pkix.AlgorithmIdentifier { return d.algorithm } 113func (d testDecryptable) Data() []byte { return d.data } 114 115func (params pbeParams) RawASN1() (raw asn1.RawValue) { 116 asn1Bytes, err := asn1.Marshal(params) 117 if err != nil { 118 panic(err) 119 } 120 _, err = asn1.Unmarshal(asn1Bytes, &raw) 121 if err != nil { 122 panic(err) 123 } 124 return 125} 126