...

Source file src/crypto/rsa/rsa_test.go

Documentation: crypto/rsa

     1  // Copyright 2009 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package rsa_test
     6  
     7  import (
     8  	"bufio"
     9  	"bytes"
    10  	"crypto"
    11  	"crypto/internal/boring"
    12  	"crypto/rand"
    13  	. "crypto/rsa"
    14  	"crypto/sha1"
    15  	"crypto/sha256"
    16  	"crypto/x509"
    17  	"encoding/pem"
    18  	"flag"
    19  	"fmt"
    20  	"internal/testenv"
    21  	"math/big"
    22  	"strings"
    23  	"testing"
    24  )
    25  
    26  func TestKeyGeneration(t *testing.T) {
    27  	for _, size := range []int{128, 1024, 2048, 3072} {
    28  		priv, err := GenerateKey(rand.Reader, size)
    29  		if err != nil {
    30  			t.Errorf("GenerateKey(%d): %v", size, err)
    31  		}
    32  		if bits := priv.N.BitLen(); bits != size {
    33  			t.Errorf("key too short (%d vs %d)", bits, size)
    34  		}
    35  		testKeyBasics(t, priv)
    36  		if testing.Short() {
    37  			break
    38  		}
    39  	}
    40  }
    41  
    42  func Test3PrimeKeyGeneration(t *testing.T) {
    43  	size := 768
    44  	if testing.Short() {
    45  		size = 256
    46  	}
    47  
    48  	priv, err := GenerateMultiPrimeKey(rand.Reader, 3, size)
    49  	if err != nil {
    50  		t.Errorf("failed to generate key")
    51  	}
    52  	testKeyBasics(t, priv)
    53  }
    54  
    55  func Test4PrimeKeyGeneration(t *testing.T) {
    56  	size := 768
    57  	if testing.Short() {
    58  		size = 256
    59  	}
    60  
    61  	priv, err := GenerateMultiPrimeKey(rand.Reader, 4, size)
    62  	if err != nil {
    63  		t.Errorf("failed to generate key")
    64  	}
    65  	testKeyBasics(t, priv)
    66  }
    67  
    68  func TestNPrimeKeyGeneration(t *testing.T) {
    69  	primeSize := 64
    70  	maxN := 24
    71  	if testing.Short() {
    72  		primeSize = 16
    73  		maxN = 16
    74  	}
    75  	// Test that generation of N-prime keys works for N > 4.
    76  	for n := 5; n < maxN; n++ {
    77  		priv, err := GenerateMultiPrimeKey(rand.Reader, n, 64+n*primeSize)
    78  		if err == nil {
    79  			testKeyBasics(t, priv)
    80  		} else {
    81  			t.Errorf("failed to generate %d-prime key", n)
    82  		}
    83  	}
    84  }
    85  
    86  func TestImpossibleKeyGeneration(t *testing.T) {
    87  	// This test ensures that trying to generate toy RSA keys doesn't enter
    88  	// an infinite loop.
    89  	for i := 0; i < 32; i++ {
    90  		GenerateKey(rand.Reader, i)
    91  		GenerateMultiPrimeKey(rand.Reader, 3, i)
    92  		GenerateMultiPrimeKey(rand.Reader, 4, i)
    93  		GenerateMultiPrimeKey(rand.Reader, 5, i)
    94  	}
    95  }
    96  
    97  func TestGnuTLSKey(t *testing.T) {
    98  	// This is a key generated by `certtool --generate-privkey --bits 128`.
    99  	// It's such that de ≢ 1 mod φ(n), but is congruent mod the order of
   100  	// the group.
   101  	priv := parseKey(testingKey(`-----BEGIN RSA TESTING KEY-----
   102  MGECAQACEQDar8EuoZuSosYtE9SeXSyPAgMBAAECEBf7XDET8e6jjTcfO7y/sykC
   103  CQDozXjCjkBzLQIJAPB6MqNbZaQrAghbZTdQoko5LQIIUp9ZiKDdYjMCCCCpqzmX
   104  d8Y7
   105  -----END RSA TESTING KEY-----`))
   106  	testKeyBasics(t, priv)
   107  }
   108  
   109  func testKeyBasics(t *testing.T, priv *PrivateKey) {
   110  	if err := priv.Validate(); err != nil {
   111  		t.Errorf("Validate() failed: %s", err)
   112  	}
   113  	if priv.D.Cmp(priv.N) > 0 {
   114  		t.Errorf("private exponent too large")
   115  	}
   116  
   117  	msg := []byte("hi!")
   118  	enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg)
   119  	if err != nil {
   120  		t.Errorf("EncryptPKCS1v15: %v", err)
   121  		return
   122  	}
   123  
   124  	dec, err := DecryptPKCS1v15(nil, priv, enc)
   125  	if err != nil {
   126  		t.Errorf("DecryptPKCS1v15: %v", err)
   127  		return
   128  	}
   129  	if !bytes.Equal(dec, msg) {
   130  		t.Errorf("got:%x want:%x (%+v)", dec, msg, priv)
   131  	}
   132  }
   133  
   134  func TestAllocations(t *testing.T) {
   135  	if boring.Enabled {
   136  		t.Skip("skipping allocations test with BoringCrypto")
   137  	}
   138  	testenv.SkipIfOptimizationOff(t)
   139  
   140  	m := []byte("Hello Gophers")
   141  	c, err := EncryptPKCS1v15(rand.Reader, &test2048Key.PublicKey, m)
   142  	if err != nil {
   143  		t.Fatal(err)
   144  	}
   145  
   146  	if allocs := testing.AllocsPerRun(100, func() {
   147  		p, err := DecryptPKCS1v15(nil, test2048Key, c)
   148  		if err != nil {
   149  			t.Fatal(err)
   150  		}
   151  		if !bytes.Equal(p, m) {
   152  			t.Fatalf("unexpected output: %q", p)
   153  		}
   154  	}); allocs > 10 {
   155  		t.Errorf("expected less than 10 allocations, got %0.1f", allocs)
   156  	}
   157  }
   158  
   159  var allFlag = flag.Bool("all", false, "test all key sizes up to 2048")
   160  
   161  func TestEverything(t *testing.T) {
   162  	min := 32
   163  	max := 560 // any smaller than this and not all tests will run
   164  	if testing.Short() {
   165  		min = max
   166  	}
   167  	if *allFlag {
   168  		max = 2048
   169  	}
   170  	for size := min; size <= max; size++ {
   171  		size := size
   172  		t.Run(fmt.Sprintf("%d", size), func(t *testing.T) {
   173  			t.Parallel()
   174  			priv, err := GenerateKey(rand.Reader, size)
   175  			if err != nil {
   176  				t.Errorf("GenerateKey(%d): %v", size, err)
   177  			}
   178  			if bits := priv.N.BitLen(); bits != size {
   179  				t.Errorf("key too short (%d vs %d)", bits, size)
   180  			}
   181  			testEverything(t, priv)
   182  		})
   183  	}
   184  }
   185  
   186  func testEverything(t *testing.T, priv *PrivateKey) {
   187  	if err := priv.Validate(); err != nil {
   188  		t.Errorf("Validate() failed: %s", err)
   189  	}
   190  
   191  	msg := []byte("test")
   192  	enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg)
   193  	if err == ErrMessageTooLong {
   194  		t.Log("key too small for EncryptPKCS1v15")
   195  	} else if err != nil {
   196  		t.Errorf("EncryptPKCS1v15: %v", err)
   197  	}
   198  	if err == nil {
   199  		dec, err := DecryptPKCS1v15(nil, priv, enc)
   200  		if err != nil {
   201  			t.Errorf("DecryptPKCS1v15: %v", err)
   202  		}
   203  		err = DecryptPKCS1v15SessionKey(nil, priv, enc, make([]byte, 4))
   204  		if err != nil {
   205  			t.Errorf("DecryptPKCS1v15SessionKey: %v", err)
   206  		}
   207  		if !bytes.Equal(dec, msg) {
   208  			t.Errorf("got:%x want:%x (%+v)", dec, msg, priv)
   209  		}
   210  	}
   211  
   212  	label := []byte("label")
   213  	enc, err = EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, msg, label)
   214  	if err == ErrMessageTooLong {
   215  		t.Log("key too small for EncryptOAEP")
   216  	} else if err != nil {
   217  		t.Errorf("EncryptOAEP: %v", err)
   218  	}
   219  	if err == nil {
   220  		dec, err := DecryptOAEP(sha256.New(), nil, priv, enc, label)
   221  		if err != nil {
   222  			t.Errorf("DecryptOAEP: %v", err)
   223  		}
   224  		if !bytes.Equal(dec, msg) {
   225  			t.Errorf("got:%x want:%x (%+v)", dec, msg, priv)
   226  		}
   227  	}
   228  
   229  	hash := sha256.Sum256(msg)
   230  	sig, err := SignPKCS1v15(nil, priv, crypto.SHA256, hash[:])
   231  	if err == ErrMessageTooLong {
   232  		t.Log("key too small for SignPKCS1v15")
   233  	} else if err != nil {
   234  		t.Errorf("SignPKCS1v15: %v", err)
   235  	}
   236  	if err == nil {
   237  		err = VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, hash[:], sig)
   238  		if err != nil {
   239  			t.Errorf("VerifyPKCS1v15: %v", err)
   240  		}
   241  		sig[1] ^= 0x80
   242  		err = VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, hash[:], sig)
   243  		if err == nil {
   244  			t.Errorf("VerifyPKCS1v15 success for tampered signature")
   245  		}
   246  		sig[1] ^= 0x80
   247  		hash[1] ^= 0x80
   248  		err = VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, hash[:], sig)
   249  		if err == nil {
   250  			t.Errorf("VerifyPKCS1v15 success for tampered message")
   251  		}
   252  		hash[1] ^= 0x80
   253  	}
   254  
   255  	opts := &PSSOptions{SaltLength: PSSSaltLengthAuto}
   256  	sig, err = SignPSS(rand.Reader, priv, crypto.SHA256, hash[:], opts)
   257  	if err == ErrMessageTooLong {
   258  		t.Log("key too small for SignPSS with PSSSaltLengthAuto")
   259  	} else if err != nil {
   260  		t.Errorf("SignPSS: %v", err)
   261  	}
   262  	if err == nil {
   263  		err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], sig, opts)
   264  		if err != nil {
   265  			t.Errorf("VerifyPSS: %v", err)
   266  		}
   267  		sig[1] ^= 0x80
   268  		err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], sig, opts)
   269  		if err == nil {
   270  			t.Errorf("VerifyPSS success for tampered signature")
   271  		}
   272  		sig[1] ^= 0x80
   273  		hash[1] ^= 0x80
   274  		err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], sig, opts)
   275  		if err == nil {
   276  			t.Errorf("VerifyPSS success for tampered message")
   277  		}
   278  		hash[1] ^= 0x80
   279  	}
   280  
   281  	opts.SaltLength = PSSSaltLengthEqualsHash
   282  	sig, err = SignPSS(rand.Reader, priv, crypto.SHA256, hash[:], opts)
   283  	if err == ErrMessageTooLong {
   284  		t.Log("key too small for SignPSS with PSSSaltLengthEqualsHash")
   285  	} else if err != nil {
   286  		t.Errorf("SignPSS: %v", err)
   287  	}
   288  	if err == nil {
   289  		err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], sig, opts)
   290  		if err != nil {
   291  			t.Errorf("VerifyPSS: %v", err)
   292  		}
   293  		sig[1] ^= 0x80
   294  		err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], sig, opts)
   295  		if err == nil {
   296  			t.Errorf("VerifyPSS success for tampered signature")
   297  		}
   298  		sig[1] ^= 0x80
   299  		hash[1] ^= 0x80
   300  		err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], sig, opts)
   301  		if err == nil {
   302  			t.Errorf("VerifyPSS success for tampered message")
   303  		}
   304  		hash[1] ^= 0x80
   305  	}
   306  
   307  	// Check that an input bigger than the modulus is handled correctly,
   308  	// whether it is longer than the byte size of the modulus or not.
   309  	c := bytes.Repeat([]byte{0xff}, priv.Size())
   310  	err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], c, opts)
   311  	if err == nil {
   312  		t.Errorf("VerifyPSS accepted a large signature")
   313  	}
   314  	_, err = DecryptPKCS1v15(nil, priv, c)
   315  	if err == nil {
   316  		t.Errorf("DecryptPKCS1v15 accepted a large ciphertext")
   317  	}
   318  	c = append(c, 0xff)
   319  	err = VerifyPSS(&priv.PublicKey, crypto.SHA256, hash[:], c, opts)
   320  	if err == nil {
   321  		t.Errorf("VerifyPSS accepted a long signature")
   322  	}
   323  	_, err = DecryptPKCS1v15(nil, priv, c)
   324  	if err == nil {
   325  		t.Errorf("DecryptPKCS1v15 accepted a long ciphertext")
   326  	}
   327  }
   328  
   329  func testingKey(s string) string { return strings.ReplaceAll(s, "TESTING KEY", "PRIVATE KEY") }
   330  
   331  func parseKey(s string) *PrivateKey {
   332  	p, _ := pem.Decode([]byte(s))
   333  	if p.Type == "PRIVATE KEY" {
   334  		k, err := x509.ParsePKCS8PrivateKey(p.Bytes)
   335  		if err != nil {
   336  			panic(err)
   337  		}
   338  		return k.(*PrivateKey)
   339  	}
   340  	k, err := x509.ParsePKCS1PrivateKey(p.Bytes)
   341  	if err != nil {
   342  		panic(err)
   343  	}
   344  	return k
   345  }
   346  
   347  var test2048Key = parseKey(testingKey(`-----BEGIN TESTING KEY-----
   348  MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDNoyFUYeDuqw+k
   349  iyv47iBy/udbWmQdpbUZ8JobHv8uQrvL7sQN6l83teHgNJsXqtiLF3MC+K+XI6Dq
   350  hxUWfQwLip8WEnv7Jx/+53S8yp/CS4Jw86Q1bQHbZjFDpcoqSuwAxlegw18HNZCY
   351  fpipYnA1lYCm+MTjtgXJQbjA0dwUGCf4BDMqt+76Jk3XZF5975rftbkGoT9eu8Jt
   352  Xs5F5Xkwd8q3fkQz+fpLW4u9jrfFyQ61RRFkYrCjlhtGjYIzBHGgQM4n/sNXhiy5
   353  h0tA7Xa6NyYrN/OXe/Y1K8Rz/tzlvbMoxgZgtBuKo1N3m8ckFi7hUVK2eNv7GoAb
   354  teTTPrg/AgMBAAECggEAAnfsVpmsL3R0Bh4gXRpPeM63H6e1a8B8kyVwiO9o0cXX
   355  gKp9+P39izfB0Kt6lyCj/Wg+wOQT7rg5qy1yIw7fBHGmcjquxh3uN0s3YZ+Vcym6
   356  SAY5f0vh/OyJN9r3Uv8+Pc4jtb7So7QDzdWeZurssBmUB0avAMRdGNFGP5SyILcz
   357  l3Q59hTxQ4czRHKjZ06L1/sA+tFVbO1j39FN8nMOU/ovLF4lAmZTkQ6AP6n6XPHP
   358  B8Nq7jSYz6RDO200jzp6UsdrnjjkJRbzOxN/fn+ckCP+WYuq+y/d05ET9PdVa4qI
   359  Jyr80D9QgHmfztcecvYwoskGnkb2F4Tmp0WnAj/xVQKBgQD4TrMLyyHdbAr5hoSi
   360  p+r7qBQxnHxPe2FKO7aqagi4iPEHauEDgwPIcsOYota1ACiSs3BaESdJAClbqPYd
   361  HDI4c2DZ6opux6WYkSju+tVXYW6qarR3fzrP3fUCdz2c2NfruWOqq8YmjzAhTNPm
   362  YzvtzTdwheNYV0Vi71t1SfZmfQKBgQDUAgSUcrgXdGDnSbaNe6KwjY5oZWOQfZe2
   363  DUhqfN/JRFZj+EMfIIh6OQXnZqkp0FeRdfRAFl8Yz8ESHEs4j+TikLJEeOdfmYLS
   364  TWxlMPDTUGbUvSf4g358NJ8TlfYA7dYpSTNPXMRSLtsz1palmaDBTE/V2xKtTH6p
   365  VglRNRUKawKBgCPqBh2TkN9czC2RFkgMb4FcqycN0jEQ0F6TSnVVhtNiAzKmc8s1
   366  POvWJZJDIzjkv/mP+JUeXAdD/bdjNc26EU126rA6KzGgsMPjYv9FymusDPybGGUc
   367  Qt5j5RcpNgEkn/5ZPyAlXjCfjz+RxChTfAyGHRmqU9qoLMIFir3pJ7llAoGBAMNH
   368  sIxENwlzqyafoUUlEq/pU7kZWuJmrO2FwqRDraYoCiM/NCRhxRQ/ng6NY1gejepw
   369  abD2alXiV4alBSxubne6rFmhvA00y2mG40c6Ezmxn2ZpbX3dMQ6bMcPKp7QnXtLc
   370  mCSL4FGK02ImUNDsd0RVVFw51DRId4rmsuJYMK9NAoGAKlYdc4784ixTD2ZICIOC
   371  ZWPxPAyQUEA7EkuUhAX1bVNG6UJTYA8kmGcUCG4jPTgWzi00IyUUr8jK7efyU/zs
   372  qiJuVs1bia+flYIQpysMl1VzZh8gW1nkB4SVPm5l2wBvVJDIr9Mc6rueC/oVNkh2
   373  fLVGuFoTVIu2bF0cWAjNNMg=
   374  -----END TESTING KEY-----`))
   375  
   376  var test3072Key = parseKey(testingKey(`-----BEGIN TESTING KEY-----
   377  MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDJrvevql7G07LM
   378  xQAwAA1Oo8qUAkWfmpgrpxIUZE1QTyMCDaspQJGBBR2+iStrzi2NnWvyBz3jJWFZ
   379  LepnsMUFSXj5Ez6bEt2x9YbLAAVGhI6USrGAKqRdJ77+F7yIVCJWcV4vtTyN86IO
   380  UaHObwCR8GX7MUwJiRxDUZtYxJcwTMHSs4OWxNnqc+A8yRKn85CsCx0X9I1DULq+
   381  5BL8gF3MUXvb2zYzIOGI1s3lXOo9tHVcRVB1eV7dZHDyYGxZ4Exj9eKhiOL52hE6
   382  ZPTWCCKbQnyBV3HYe+t8DscOG/IzaAzLrx1s6xnqKEe5lUQ03Ty9QN3tpqqLsC4b
   383  CUkdk6Ma43KXGkCmoPaGCkssSc9qOrwHrqoMkOnZDWOJ5mKHhINKWV/U7p54T7tx
   384  FWI3PFvvYevoPf7cQdJcChbIBvQ+LEuVZvmljhONUjIGKBaqBz5Sjv7Fd5BNnBGz
   385  8NwH6tYdT9kdTkCZdfrazbuhLxN0mhhXp2sePRV2KZsB7i7cUJMCAwEAAQKCAYAT
   386  fqunbxmehhu237tUaHTg1e6WHvVu54kaUxm+ydvlTY5N5ldV801Sl4AtXjdJwjy0
   387  qcj430qpTarawsLxMezhcB2BlKLNEjucC5EeHIrmAEMt7LMP90868prAweJHRTv/
   388  zLvfcwPURClf0Uk0L0Dyr7Y+hnXZ8scTb2x2M06FQdjMY+4Yy+oKgm05mEVgNv1p
   389  e+DcjhbSMRf+rVoeeSQCmhprATCnLDWmE1QEqIC7OoR2SPxC1rAHnhatfwo00nwz
   390  rciN5YSOqoGa1WMNv6ut0HJWZnu5nR1OuZpaf+zrxlthMxPwhhPq0211J4fZviTO
   391  WLnubXD3/G9TN1TszeFuO7Ty8HYYkTJ3RLRrTRrfwhOtOJ4tkuwSJol3QIs1asab
   392  wYabuqyTv4+6JeoMBSLnMoA8rXSW9ti4gvJ1h8xMqmMF6e91Z0Fn7fvP5MCn/t8H
   393  8cIPhYLOhdPH5JMqxozb/a1s+JKvRTLnAXxNjlmyXzNvC+3Ixp4q9O8dWJ8Gt+EC
   394  gcEA+12m6iMXU3tBw1cYDcs/Jc0hOVgMAMgtnWZ4+p8RSucO/74bq82kdyAOJxao
   395  spAcK03NnpRBDcYsSyuQrE6AXQYel1Gj98mMtOirwt2T9vH5fHT6oKsqEu03hYIB
   396  5cggeie4wqKAOb9tVdShJk7YBJUgIXnAcqqmkD4oeUGzUV0QseQtspEHUJSqBQ9n
   397  yR4DmyMECgLm47S9LwPMtgRh9ADLBaZeuIRdBEKCDPgNkdya/dLb8u8kE8Ox3T3R
   398  +r2hAoHBAM1m1ZNqP9bEa74jZkpMxDN+vUdN7rZcxcpHu1nyii8OzXEopB+jByFA
   399  lmMqnKt8z5DRD0dmHXzOggnKJGO2j63/XFaVmsaXcM2B8wlRCqwm4mBE/bYCEKJl
   400  xqkDveICzwb1paWSgmFkjc6DN2g1jUd3ptOORuU38onrSphPHFxgyNlNTcOcXvxb
   401  GW4R8iPinvpkY3shluWqRQTvai1+gNQlmKMdqXvreUjKqJFCOhoRUVG/MDv8IdP2
   402  tXq43+UZswKBwQDSErOzi74r25/bVAdbR9gvjF7O4OGvKZzNpd1HfvbhxXcIjuXr
   403  UEK5+AU777ju+ndATZahiD9R9qP/8pnHFxg6JiocxnMlW8EHVEhv4+SMBjA+Ljlj
   404  W4kfJjc3ka5qTjWuQVIs/8fv+yayC7DeJhhsxACFWY5Xhn0LoZcLt7fYMNIKCauT
   405  R5d4ZbYt4nEXaMkUt0/h2gkCloNhLmjAWatPU/ZYc3FH/f8K11Z+5jPZCihSJw4A
   406  2pEpH2yffNHnHuECgcEAmxIWEHNYuwYT6brEETgfsFjxAZI+tIMZ+HtrYJ8R4DEm
   407  vVXXguMMEPi4ESosmfNiqYyMInVfscgeuNFZ48YCd3Sg++V6so/G5ABFwjTi/9Fj
   408  exbbDLxGXrTD5PokMyu3rSNr6bLQqELIJK8/93bmsJwO4Q07TPaOL73p1U90s/GF
   409  8TjBivrVY2RLsKPv0VPYfmWoDV/wkneYH/+4g5xMGt4/fHZ6bEn8iQ4ncXM0dlW4
   410  tSTIf6D80RAjNwG4VzitAoHAA8GLh22w+Cx8RPsj6xdrUiVFE+nNMMgeY8Mdjsrq
   411  Fh4jJb+4zwSML9R6iJu/LH5B7Fre2Te8QrYP+k/jIHPYJtGesVt/WlAtpDCNsC3j
   412  8CBzxwL6zkN+46pph35jPKUSaQQ2r8euNMp/sirkYcP8PpbdtifXCjN08QQIKsqj
   413  17IGHe9jZX/EVnSshCkXOBHG31buV10k5GSkeKcoDrkpp25wQ6FjW9L3Q68y6Y8r
   414  8h02sdAMB9Yc2A4EgzOySWoD
   415  -----END TESTING KEY-----`))
   416  
   417  var test4096Key = parseKey(testingKey(`-----BEGIN TESTING KEY-----
   418  MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCmH55T2e8fdUaL
   419  iWVL2yI7d/wOu/sxI4nVGoiRMiSMlMZlOEZ4oJY6l2y9N/b8ftwoIpjYO8CBk5au
   420  x2Odgpuz+FJyHppvKakUIeAn4940zoNkRe/iptybIuH5tCBygjs0y1617TlR/c5+
   421  FF5YRkzsEJrGcLqXzj0hDyrwdplBOv1xz2oHYlvKWWcVMR/qgwoRuj65Ef262t/Q
   422  ELH3+fFLzIIstFTk2co2WaALquOsOB6xGOJSAAr8cIAWe+3MqWM8DOcgBuhABA42
   423  9IhbBBw0uqTXUv/TGi6tcF29H2buSxAx/Wm6h2PstLd6IJAbWHAa6oTz87H0S6XZ
   424  v42cYoFhHma1OJw4id1oOZMFDTPDbHxgUnr2puSU+Fpxrj9+FWwViKE4j0YatbG9
   425  cNVpx9xo4NdvOkejWUrqziRorMZTk/zWKz0AkGQzTN3PrX0yy61BoWfznH/NXZ+o
   426  j3PqVtkUs6schoIYvrUcdhTCrlLwGSHhU1VKNGAUlLbNrIYTQNgt2gqvjLEsn4/i
   427  PgS1IsuDHIc7nGjzvKcuR0UeYCDkmBQqKrdhGbdJ1BRohzLdm+woRpjrqmUCbMa5
   428  VWWldJen0YyAlxNILvXMD117azeduseM1sZeGA9L8MmE12auzNbKr371xzgANSXn
   429  jRuyrblAZKc10kYStrcEmJdfNlzYAwIDAQABAoICABdQBpsD0W/buFuqm2GKzgIE
   430  c4Xp0XVy5EvYnmOp4sEru6/GtvUErDBqwaLIMMv8TY8AU+y8beaBPLsoVg1rn8gg
   431  yAklzExfT0/49QkEDFHizUOMIP7wpbLLsWSmZ4tKRV7CT3c+ZDXiZVECML84lmDm
   432  b6H7feQB2EhEZaU7L4Sc76ZCEkIZBoKeCz5JF46EdyxHs7erE61eO9xqC1+eXsNh
   433  Xr9BS0yWV69K4o/gmnS3p2747AHP6brFWuRM3fFDsB5kPScccQlSyF/j7yK+r+qi
   434  arGg/y+z0+sZAr6gooQ8Wnh5dJXtnBNCxSDJYw/DWHAeiyvk/gsndo3ZONlCZZ9u
   435  bpwBYx3hA2wTa5GUQxFM0KlI7Ftr9Cescf2jN6Ia48C6FcQsepMzD3jaMkLir8Jk
   436  /YD/s5KPzNvwPAyLnf7x574JeWuuxTIPx6b/fHVtboDK6j6XQnzrN2Hy3ngvlEFo
   437  zuGYVvtrz5pJXWGVSjZWG1kc9iXCdHKpmFdPj7XhU0gugTzQ/e5uRIqdOqfNLI37
   438  fppSuWkWd5uaAg0Zuhd+2L4LG2GhVdfFa1UeHBe/ncFKz1km9Bmjvt04TpxlRnVG
   439  wHxJZKlxpxCZ3AuLNUMP/QazPXO8OIfGOCbwkgFiqRY32mKDUvmEADBBoYpk/wBv
   440  qV99g5gvYFC5Le4QLzOJAoIBAQDcnqnK2tgkISJhsLs2Oj8vEcT7dU9vVnPSxTcC
   441  M0F+8ITukn33K0biUlA+ktcQaF+eeLjfbjkn/H0f2Ajn++ldT56MgAFutZkYvwxJ
   442  2A6PVB3jesauSpe8aqoKMDIj8HSA3+AwH+yU+yA9r5EdUq1S6PscP+5Wj22+thAa
   443  l65CFD77C0RX0lly5zdjQo3Vyca2HYGm/cshFCPRZc66TPjNAHFthbqktKjMQ91H
   444  Hg+Gun2zv8KqeSzMDeHnef4rVaWMIyIBzpu3QdkKPUXMQQxvJ+RW7+MORV9VjE7Z
   445  KVnHa/6x9n+jvtQ0ydHc2n0NOp6BQghTCB2G3w3JJfmPcRSNAoIBAQDAw6mPddoz
   446  UUzANMOYcFtos4EaWfTQE2okSLVAmLY2gtAK6ldTv6X9xl0IiC/DmWqiNZJ/WmVI
   447  glkp6iZhxBSmqov0X9P0M+jdz7CRnbZDFhQWPxSPicurYuPKs52IC08HgIrwErzT
   448  /lh+qRXEqzT8rTdftywj5fE89w52NPHBsMS07VhFsJtU4aY2Yl8y1PHeumXU6h66
   449  yTvoCLLxJPiLIg9PgvbMF+RiYyomIg75gwfx4zWvIvWdXifQBC88fE7lP2u5gtWL
   450  JUJaMy6LNKHn8YezvwQp0dRecvvoqzoApOuHfsPASHb9cfvcy/BxDXFMJO4QWCi1
   451  6WLaR835nKLPAoIBAFw7IHSjxNRl3b/FaJ6k/yEoZpdRVaIQHF+y/uo2j10IJCqw
   452  p2SbfQjErLNcI/jCCadwhKkzpUVoMs8LO73v/IF79aZ7JR4pYRWNWQ/N+VhGLDCb
   453  dVAL8x9b4DZeK7gGoE34SfsUfY1S5wmiyiHeHIOazs/ikjsxvwmJh3X2j20klafR
   454  8AJe9/InY2plunHz5tTfxQIQ+8iaaNbzntcXsrPRSZol2/9bX231uR4wHQGQGVj6
   455  A+HMwsOT0is5Pt7S8WCCl4b13vdf2eKD9xgK4a3emYEWzG985PwYqiXzOYs7RMEV
   456  cgr8ji57aPbRiJHtPbJ/7ob3z5BA07yR2aDz/0kCggEAZDyajHYNLAhHr98AIuGy
   457  NsS5CpnietzNoeaJEfkXL0tgoXxwQqVyzH7827XtmHnLgGP5NO4tosHdWbVflhEf
   458  Z/dhZYb7MY5YthcMyvvGziXJ9jOBHo7Z8Nowd7Rk41x2EQGfve0QcfBd1idYoXch
   459  y47LL6OReW1Vv4z84Szw1fZ0o1yUPVDzxPS9uKP4uvcOevJUh53isuB3nVYArvK5
   460  p6fjbEY+zaxS33KPdVrajJa9Z+Ptg4/bRqSycTHr2jkN0ZnkC4hkQMH0OfFJb6vD
   461  0VfAaBCZOqHZG/AQ3FFFjRY1P7UEV5WXAn3mKU+HTVJfKug9PxSIvueIttcF3Zm8
   462  8wKCAQAM43+DnGW1w34jpsTAeOXC5mhIz7J8spU6Uq5bJIheEE2AbX1z+eRVErZX
   463  1WsRNPsNrQfdt/b5IKboBbSYKoGxxRMngJI1eJqyj4LxZrACccS3euAlcU1q+3oN
   464  T10qfQol54KjGld/HVDhzbsZJxzLDqvPlroWgwLdOLDMXhwJYfTnqMEQkaG4Aawr
   465  3P14+Zp/woLiPWw3iZFcL/bt23IOa9YI0NoLhp5MFNXfIuzx2FhVz6BUSeVfQ6Ko
   466  Nx2YZ03g6Kt6B6c43LJx1a/zEPYSZcPERgWOSHlcjmwRfTs6uoN9xt1qs4zEUaKv
   467  Axreud3rJ0rekUp6rI1joG717Wls
   468  -----END TESTING KEY-----`))
   469  
   470  func BenchmarkDecryptPKCS1v15(b *testing.B) {
   471  	b.Run("2048", func(b *testing.B) { benchmarkDecryptPKCS1v15(b, test2048Key) })
   472  	b.Run("3072", func(b *testing.B) { benchmarkDecryptPKCS1v15(b, test3072Key) })
   473  	b.Run("4096", func(b *testing.B) { benchmarkDecryptPKCS1v15(b, test4096Key) })
   474  }
   475  
   476  func benchmarkDecryptPKCS1v15(b *testing.B, k *PrivateKey) {
   477  	r := bufio.NewReaderSize(rand.Reader, 1<<15)
   478  
   479  	m := []byte("Hello Gophers")
   480  	c, err := EncryptPKCS1v15(r, &k.PublicKey, m)
   481  	if err != nil {
   482  		b.Fatal(err)
   483  	}
   484  
   485  	b.ResetTimer()
   486  	var sink byte
   487  	for i := 0; i < b.N; i++ {
   488  		p, err := DecryptPKCS1v15(r, k, c)
   489  		if err != nil {
   490  			b.Fatal(err)
   491  		}
   492  		if !bytes.Equal(p, m) {
   493  			b.Fatalf("unexpected output: %q", p)
   494  		}
   495  		sink ^= p[0]
   496  	}
   497  }
   498  
   499  func BenchmarkEncryptPKCS1v15(b *testing.B) {
   500  	b.Run("2048", func(b *testing.B) {
   501  		r := bufio.NewReaderSize(rand.Reader, 1<<15)
   502  		m := []byte("Hello Gophers")
   503  
   504  		var sink byte
   505  		for i := 0; i < b.N; i++ {
   506  			c, err := EncryptPKCS1v15(r, &test2048Key.PublicKey, m)
   507  			if err != nil {
   508  				b.Fatal(err)
   509  			}
   510  			sink ^= c[0]
   511  		}
   512  	})
   513  }
   514  
   515  func BenchmarkDecryptOAEP(b *testing.B) {
   516  	b.Run("2048", func(b *testing.B) {
   517  		r := bufio.NewReaderSize(rand.Reader, 1<<15)
   518  
   519  		m := []byte("Hello Gophers")
   520  		c, err := EncryptOAEP(sha256.New(), r, &test2048Key.PublicKey, m, nil)
   521  		if err != nil {
   522  			b.Fatal(err)
   523  		}
   524  
   525  		b.ResetTimer()
   526  		var sink byte
   527  		for i := 0; i < b.N; i++ {
   528  			p, err := DecryptOAEP(sha256.New(), r, test2048Key, c, nil)
   529  			if err != nil {
   530  				b.Fatal(err)
   531  			}
   532  			if !bytes.Equal(p, m) {
   533  				b.Fatalf("unexpected output: %q", p)
   534  			}
   535  			sink ^= p[0]
   536  		}
   537  	})
   538  }
   539  
   540  func BenchmarkEncryptOAEP(b *testing.B) {
   541  	b.Run("2048", func(b *testing.B) {
   542  		r := bufio.NewReaderSize(rand.Reader, 1<<15)
   543  		m := []byte("Hello Gophers")
   544  
   545  		var sink byte
   546  		for i := 0; i < b.N; i++ {
   547  			c, err := EncryptOAEP(sha256.New(), r, &test2048Key.PublicKey, m, nil)
   548  			if err != nil {
   549  				b.Fatal(err)
   550  			}
   551  			sink ^= c[0]
   552  		}
   553  	})
   554  }
   555  
   556  func BenchmarkSignPKCS1v15(b *testing.B) {
   557  	b.Run("2048", func(b *testing.B) {
   558  		hashed := sha256.Sum256([]byte("testing"))
   559  
   560  		var sink byte
   561  		b.ResetTimer()
   562  		for i := 0; i < b.N; i++ {
   563  			s, err := SignPKCS1v15(rand.Reader, test2048Key, crypto.SHA256, hashed[:])
   564  			if err != nil {
   565  				b.Fatal(err)
   566  			}
   567  			sink ^= s[0]
   568  		}
   569  	})
   570  }
   571  
   572  func BenchmarkVerifyPKCS1v15(b *testing.B) {
   573  	b.Run("2048", func(b *testing.B) {
   574  		hashed := sha256.Sum256([]byte("testing"))
   575  		s, err := SignPKCS1v15(rand.Reader, test2048Key, crypto.SHA256, hashed[:])
   576  		if err != nil {
   577  			b.Fatal(err)
   578  		}
   579  
   580  		b.ResetTimer()
   581  		for i := 0; i < b.N; i++ {
   582  			err := VerifyPKCS1v15(&test2048Key.PublicKey, crypto.SHA256, hashed[:], s)
   583  			if err != nil {
   584  				b.Fatal(err)
   585  			}
   586  		}
   587  	})
   588  }
   589  
   590  func BenchmarkSignPSS(b *testing.B) {
   591  	b.Run("2048", func(b *testing.B) {
   592  		hashed := sha256.Sum256([]byte("testing"))
   593  
   594  		var sink byte
   595  		b.ResetTimer()
   596  		for i := 0; i < b.N; i++ {
   597  			s, err := SignPSS(rand.Reader, test2048Key, crypto.SHA256, hashed[:], nil)
   598  			if err != nil {
   599  				b.Fatal(err)
   600  			}
   601  			sink ^= s[0]
   602  		}
   603  	})
   604  }
   605  
   606  func BenchmarkVerifyPSS(b *testing.B) {
   607  	b.Run("2048", func(b *testing.B) {
   608  		hashed := sha256.Sum256([]byte("testing"))
   609  		s, err := SignPSS(rand.Reader, test2048Key, crypto.SHA256, hashed[:], nil)
   610  		if err != nil {
   611  			b.Fatal(err)
   612  		}
   613  
   614  		b.ResetTimer()
   615  		for i := 0; i < b.N; i++ {
   616  			err := VerifyPSS(&test2048Key.PublicKey, crypto.SHA256, hashed[:], s, nil)
   617  			if err != nil {
   618  				b.Fatal(err)
   619  			}
   620  		}
   621  	})
   622  }
   623  
   624  type testEncryptOAEPMessage struct {
   625  	in   []byte
   626  	seed []byte
   627  	out  []byte
   628  }
   629  
   630  type testEncryptOAEPStruct struct {
   631  	modulus string
   632  	e       int
   633  	d       string
   634  	msgs    []testEncryptOAEPMessage
   635  }
   636  
   637  func TestEncryptOAEP(t *testing.T) {
   638  	sha1 := sha1.New()
   639  	n := new(big.Int)
   640  	for i, test := range testEncryptOAEPData {
   641  		n.SetString(test.modulus, 16)
   642  		public := PublicKey{N: n, E: test.e}
   643  
   644  		for j, message := range test.msgs {
   645  			randomSource := bytes.NewReader(message.seed)
   646  			out, err := EncryptOAEP(sha1, randomSource, &public, message.in, nil)
   647  			if err != nil {
   648  				t.Errorf("#%d,%d error: %s", i, j, err)
   649  			}
   650  			if !bytes.Equal(out, message.out) {
   651  				t.Errorf("#%d,%d bad result: %x (want %x)", i, j, out, message.out)
   652  			}
   653  		}
   654  	}
   655  }
   656  
   657  func TestDecryptOAEP(t *testing.T) {
   658  	random := rand.Reader
   659  
   660  	sha1 := sha1.New()
   661  	n := new(big.Int)
   662  	d := new(big.Int)
   663  	for i, test := range testEncryptOAEPData {
   664  		n.SetString(test.modulus, 16)
   665  		d.SetString(test.d, 16)
   666  		private := new(PrivateKey)
   667  		private.PublicKey = PublicKey{N: n, E: test.e}
   668  		private.D = d
   669  
   670  		for j, message := range test.msgs {
   671  			out, err := DecryptOAEP(sha1, nil, private, message.out, nil)
   672  			if err != nil {
   673  				t.Errorf("#%d,%d error: %s", i, j, err)
   674  			} else if !bytes.Equal(out, message.in) {
   675  				t.Errorf("#%d,%d bad result: %#v (want %#v)", i, j, out, message.in)
   676  			}
   677  
   678  			// Decrypt with blinding.
   679  			out, err = DecryptOAEP(sha1, random, private, message.out, nil)
   680  			if err != nil {
   681  				t.Errorf("#%d,%d (blind) error: %s", i, j, err)
   682  			} else if !bytes.Equal(out, message.in) {
   683  				t.Errorf("#%d,%d (blind) bad result: %#v (want %#v)", i, j, out, message.in)
   684  			}
   685  		}
   686  		if testing.Short() {
   687  			break
   688  		}
   689  	}
   690  }
   691  
   692  func Test2DecryptOAEP(t *testing.T) {
   693  	random := rand.Reader
   694  
   695  	msg := []byte{0xed, 0x36, 0x90, 0x8d, 0xbe, 0xfc, 0x35, 0x40, 0x70, 0x4f, 0xf5, 0x9d, 0x6e, 0xc2, 0xeb, 0xf5, 0x27, 0xae, 0x65, 0xb0, 0x59, 0x29, 0x45, 0x25, 0x8c, 0xc1, 0x91, 0x22}
   696  	in := []byte{0x72, 0x26, 0x84, 0xc9, 0xcf, 0xd6, 0xa8, 0x96, 0x04, 0x3e, 0x34, 0x07, 0x2c, 0x4f, 0xe6, 0x52, 0xbe, 0x46, 0x3c, 0xcf, 0x79, 0x21, 0x09, 0x64, 0xe7, 0x33, 0x66, 0x9b, 0xf8, 0x14, 0x22, 0x43, 0xfe, 0x8e, 0x52, 0x8b, 0xe0, 0x5f, 0x98, 0xef, 0x54, 0xac, 0x6b, 0xc6, 0x26, 0xac, 0x5b, 0x1b, 0x4b, 0x7d, 0x2e, 0xd7, 0x69, 0x28, 0x5a, 0x2f, 0x4a, 0x95, 0x89, 0x6c, 0xc7, 0x53, 0x95, 0xc7, 0xd2, 0x89, 0x04, 0x6f, 0x94, 0x74, 0x9b, 0x09, 0x0d, 0xf4, 0x61, 0x2e, 0xab, 0x48, 0x57, 0x4a, 0xbf, 0x95, 0xcb, 0xff, 0x15, 0xe2, 0xa0, 0x66, 0x58, 0xf7, 0x46, 0xf8, 0xc7, 0x0b, 0xb5, 0x1e, 0xa7, 0xba, 0x36, 0xce, 0xdd, 0x36, 0x41, 0x98, 0x6e, 0x10, 0xf9, 0x3b, 0x70, 0xbb, 0xa1, 0xda, 0x00, 0x40, 0xd5, 0xa5, 0x3f, 0x87, 0x64, 0x32, 0x7c, 0xbc, 0x50, 0x52, 0x0e, 0x4f, 0x21, 0xbd}
   697  
   698  	n := new(big.Int)
   699  	d := new(big.Int)
   700  	n.SetString(testEncryptOAEPData[0].modulus, 16)
   701  	d.SetString(testEncryptOAEPData[0].d, 16)
   702  	priv := new(PrivateKey)
   703  	priv.PublicKey = PublicKey{N: n, E: testEncryptOAEPData[0].e}
   704  	priv.D = d
   705  	sha1 := crypto.SHA1
   706  	sha256 := crypto.SHA256
   707  
   708  	out, err := priv.Decrypt(random, in, &OAEPOptions{MGFHash: sha1, Hash: sha256})
   709  
   710  	if err != nil {
   711  		t.Errorf("error: %s", err)
   712  	} else if !bytes.Equal(out, msg) {
   713  		t.Errorf("bad result %#v (want %#v)", out, msg)
   714  	}
   715  }
   716  
   717  func TestEncryptDecryptOAEP(t *testing.T) {
   718  	sha256 := sha256.New()
   719  	n := new(big.Int)
   720  	d := new(big.Int)
   721  	for i, test := range testEncryptOAEPData {
   722  		n.SetString(test.modulus, 16)
   723  		d.SetString(test.d, 16)
   724  		priv := new(PrivateKey)
   725  		priv.PublicKey = PublicKey{N: n, E: test.e}
   726  		priv.D = d
   727  
   728  		for j, message := range test.msgs {
   729  			label := []byte(fmt.Sprintf("hi#%d", j))
   730  			enc, err := EncryptOAEP(sha256, rand.Reader, &priv.PublicKey, message.in, label)
   731  			if err != nil {
   732  				t.Errorf("#%d,%d: EncryptOAEP: %v", i, j, err)
   733  				continue
   734  			}
   735  			dec, err := DecryptOAEP(sha256, rand.Reader, priv, enc, label)
   736  			if err != nil {
   737  				t.Errorf("#%d,%d: DecryptOAEP: %v", i, j, err)
   738  				continue
   739  			}
   740  			if !bytes.Equal(dec, message.in) {
   741  				t.Errorf("#%d,%d: round trip %q -> %q", i, j, message.in, dec)
   742  			}
   743  		}
   744  	}
   745  }
   746  
   747  // testEncryptOAEPData contains a subset of the vectors from RSA's "Test vectors for RSA-OAEP".
   748  var testEncryptOAEPData = []testEncryptOAEPStruct{
   749  	// Key 1
   750  	{"a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb",
   751  		65537,
   752  		"53339cfdb79fc8466a655c7316aca85c55fd8f6dd898fdaf119517ef4f52e8fd8e258df93fee180fa0e4ab29693cd83b152a553d4ac4d1812b8b9fa5af0e7f55fe7304df41570926f3311f15c4d65a732c483116ee3d3d2d0af3549ad9bf7cbfb78ad884f84d5beb04724dc7369b31def37d0cf539e9cfcdd3de653729ead5d1",
   753  		[]testEncryptOAEPMessage{
   754  			// Example 1.1
   755  			{
   756  				[]byte{0x66, 0x28, 0x19, 0x4e, 0x12, 0x07, 0x3d, 0xb0,
   757  					0x3b, 0xa9, 0x4c, 0xda, 0x9e, 0xf9, 0x53, 0x23, 0x97,
   758  					0xd5, 0x0d, 0xba, 0x79, 0xb9, 0x87, 0x00, 0x4a, 0xfe,
   759  					0xfe, 0x34,
   760  				},
   761  				[]byte{0x18, 0xb7, 0x76, 0xea, 0x21, 0x06, 0x9d, 0x69,
   762  					0x77, 0x6a, 0x33, 0xe9, 0x6b, 0xad, 0x48, 0xe1, 0xdd,
   763  					0xa0, 0xa5, 0xef,
   764  				},
   765  				[]byte{0x35, 0x4f, 0xe6, 0x7b, 0x4a, 0x12, 0x6d, 0x5d,
   766  					0x35, 0xfe, 0x36, 0xc7, 0x77, 0x79, 0x1a, 0x3f, 0x7b,
   767  					0xa1, 0x3d, 0xef, 0x48, 0x4e, 0x2d, 0x39, 0x08, 0xaf,
   768  					0xf7, 0x22, 0xfa, 0xd4, 0x68, 0xfb, 0x21, 0x69, 0x6d,
   769  					0xe9, 0x5d, 0x0b, 0xe9, 0x11, 0xc2, 0xd3, 0x17, 0x4f,
   770  					0x8a, 0xfc, 0xc2, 0x01, 0x03, 0x5f, 0x7b, 0x6d, 0x8e,
   771  					0x69, 0x40, 0x2d, 0xe5, 0x45, 0x16, 0x18, 0xc2, 0x1a,
   772  					0x53, 0x5f, 0xa9, 0xd7, 0xbf, 0xc5, 0xb8, 0xdd, 0x9f,
   773  					0xc2, 0x43, 0xf8, 0xcf, 0x92, 0x7d, 0xb3, 0x13, 0x22,
   774  					0xd6, 0xe8, 0x81, 0xea, 0xa9, 0x1a, 0x99, 0x61, 0x70,
   775  					0xe6, 0x57, 0xa0, 0x5a, 0x26, 0x64, 0x26, 0xd9, 0x8c,
   776  					0x88, 0x00, 0x3f, 0x84, 0x77, 0xc1, 0x22, 0x70, 0x94,
   777  					0xa0, 0xd9, 0xfa, 0x1e, 0x8c, 0x40, 0x24, 0x30, 0x9c,
   778  					0xe1, 0xec, 0xcc, 0xb5, 0x21, 0x00, 0x35, 0xd4, 0x7a,
   779  					0xc7, 0x2e, 0x8a,
   780  				},
   781  			},
   782  			// Example 1.2
   783  			{
   784  				[]byte{0x75, 0x0c, 0x40, 0x47, 0xf5, 0x47, 0xe8, 0xe4,
   785  					0x14, 0x11, 0x85, 0x65, 0x23, 0x29, 0x8a, 0xc9, 0xba,
   786  					0xe2, 0x45, 0xef, 0xaf, 0x13, 0x97, 0xfb, 0xe5, 0x6f,
   787  					0x9d, 0xd5,
   788  				},
   789  				[]byte{0x0c, 0xc7, 0x42, 0xce, 0x4a, 0x9b, 0x7f, 0x32,
   790  					0xf9, 0x51, 0xbc, 0xb2, 0x51, 0xef, 0xd9, 0x25, 0xfe,
   791  					0x4f, 0xe3, 0x5f,
   792  				},
   793  				[]byte{0x64, 0x0d, 0xb1, 0xac, 0xc5, 0x8e, 0x05, 0x68,
   794  					0xfe, 0x54, 0x07, 0xe5, 0xf9, 0xb7, 0x01, 0xdf, 0xf8,
   795  					0xc3, 0xc9, 0x1e, 0x71, 0x6c, 0x53, 0x6f, 0xc7, 0xfc,
   796  					0xec, 0x6c, 0xb5, 0xb7, 0x1c, 0x11, 0x65, 0x98, 0x8d,
   797  					0x4a, 0x27, 0x9e, 0x15, 0x77, 0xd7, 0x30, 0xfc, 0x7a,
   798  					0x29, 0x93, 0x2e, 0x3f, 0x00, 0xc8, 0x15, 0x15, 0x23,
   799  					0x6d, 0x8d, 0x8e, 0x31, 0x01, 0x7a, 0x7a, 0x09, 0xdf,
   800  					0x43, 0x52, 0xd9, 0x04, 0xcd, 0xeb, 0x79, 0xaa, 0x58,
   801  					0x3a, 0xdc, 0xc3, 0x1e, 0xa6, 0x98, 0xa4, 0xc0, 0x52,
   802  					0x83, 0xda, 0xba, 0x90, 0x89, 0xbe, 0x54, 0x91, 0xf6,
   803  					0x7c, 0x1a, 0x4e, 0xe4, 0x8d, 0xc7, 0x4b, 0xbb, 0xe6,
   804  					0x64, 0x3a, 0xef, 0x84, 0x66, 0x79, 0xb4, 0xcb, 0x39,
   805  					0x5a, 0x35, 0x2d, 0x5e, 0xd1, 0x15, 0x91, 0x2d, 0xf6,
   806  					0x96, 0xff, 0xe0, 0x70, 0x29, 0x32, 0x94, 0x6d, 0x71,
   807  					0x49, 0x2b, 0x44,
   808  				},
   809  			},
   810  			// Example 1.3
   811  			{
   812  				[]byte{0xd9, 0x4a, 0xe0, 0x83, 0x2e, 0x64, 0x45, 0xce,
   813  					0x42, 0x33, 0x1c, 0xb0, 0x6d, 0x53, 0x1a, 0x82, 0xb1,
   814  					0xdb, 0x4b, 0xaa, 0xd3, 0x0f, 0x74, 0x6d, 0xc9, 0x16,
   815  					0xdf, 0x24, 0xd4, 0xe3, 0xc2, 0x45, 0x1f, 0xff, 0x59,
   816  					0xa6, 0x42, 0x3e, 0xb0, 0xe1, 0xd0, 0x2d, 0x4f, 0xe6,
   817  					0x46, 0xcf, 0x69, 0x9d, 0xfd, 0x81, 0x8c, 0x6e, 0x97,
   818  					0xb0, 0x51,
   819  				},
   820  				[]byte{0x25, 0x14, 0xdf, 0x46, 0x95, 0x75, 0x5a, 0x67,
   821  					0xb2, 0x88, 0xea, 0xf4, 0x90, 0x5c, 0x36, 0xee, 0xc6,
   822  					0x6f, 0xd2, 0xfd,
   823  				},
   824  				[]byte{0x42, 0x37, 0x36, 0xed, 0x03, 0x5f, 0x60, 0x26,
   825  					0xaf, 0x27, 0x6c, 0x35, 0xc0, 0xb3, 0x74, 0x1b, 0x36,
   826  					0x5e, 0x5f, 0x76, 0xca, 0x09, 0x1b, 0x4e, 0x8c, 0x29,
   827  					0xe2, 0xf0, 0xbe, 0xfe, 0xe6, 0x03, 0x59, 0x5a, 0xa8,
   828  					0x32, 0x2d, 0x60, 0x2d, 0x2e, 0x62, 0x5e, 0x95, 0xeb,
   829  					0x81, 0xb2, 0xf1, 0xc9, 0x72, 0x4e, 0x82, 0x2e, 0xca,
   830  					0x76, 0xdb, 0x86, 0x18, 0xcf, 0x09, 0xc5, 0x34, 0x35,
   831  					0x03, 0xa4, 0x36, 0x08, 0x35, 0xb5, 0x90, 0x3b, 0xc6,
   832  					0x37, 0xe3, 0x87, 0x9f, 0xb0, 0x5e, 0x0e, 0xf3, 0x26,
   833  					0x85, 0xd5, 0xae, 0xc5, 0x06, 0x7c, 0xd7, 0xcc, 0x96,
   834  					0xfe, 0x4b, 0x26, 0x70, 0xb6, 0xea, 0xc3, 0x06, 0x6b,
   835  					0x1f, 0xcf, 0x56, 0x86, 0xb6, 0x85, 0x89, 0xaa, 0xfb,
   836  					0x7d, 0x62, 0x9b, 0x02, 0xd8, 0xf8, 0x62, 0x5c, 0xa3,
   837  					0x83, 0x36, 0x24, 0xd4, 0x80, 0x0f, 0xb0, 0x81, 0xb1,
   838  					0xcf, 0x94, 0xeb,
   839  				},
   840  			},
   841  		},
   842  	},
   843  	// Key 10
   844  	{"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb",
   845  		65537,
   846  		"056b04216fe5f354ac77250a4b6b0c8525a85c59b0bd80c56450a22d5f438e596a333aa875e291dd43f48cb88b9d5fc0d499f9fcd1c397f9afc070cd9e398c8d19e61db7c7410a6b2675dfbf5d345b804d201add502d5ce2dfcb091ce9997bbebe57306f383e4d588103f036f7e85d1934d152a323e4a8db451d6f4a5b1b0f102cc150e02feee2b88dea4ad4c1baccb24d84072d14e1d24a6771f7408ee30564fb86d4393a34bcf0b788501d193303f13a2284b001f0f649eaf79328d4ac5c430ab4414920a9460ed1b7bc40ec653e876d09abc509ae45b525190116a0c26101848298509c1c3bf3a483e7274054e15e97075036e989f60932807b5257751e79",
   847  		[]testEncryptOAEPMessage{
   848  			// Example 10.1
   849  			{
   850  				[]byte{0x8b, 0xba, 0x6b, 0xf8, 0x2a, 0x6c, 0x0f, 0x86,
   851  					0xd5, 0xf1, 0x75, 0x6e, 0x97, 0x95, 0x68, 0x70, 0xb0,
   852  					0x89, 0x53, 0xb0, 0x6b, 0x4e, 0xb2, 0x05, 0xbc, 0x16,
   853  					0x94, 0xee,
   854  				},
   855  				[]byte{0x47, 0xe1, 0xab, 0x71, 0x19, 0xfe, 0xe5, 0x6c,
   856  					0x95, 0xee, 0x5e, 0xaa, 0xd8, 0x6f, 0x40, 0xd0, 0xaa,
   857  					0x63, 0xbd, 0x33,
   858  				},
   859  				[]byte{0x53, 0xea, 0x5d, 0xc0, 0x8c, 0xd2, 0x60, 0xfb,
   860  					0x3b, 0x85, 0x85, 0x67, 0x28, 0x7f, 0xa9, 0x15, 0x52,
   861  					0xc3, 0x0b, 0x2f, 0xeb, 0xfb, 0xa2, 0x13, 0xf0, 0xae,
   862  					0x87, 0x70, 0x2d, 0x06, 0x8d, 0x19, 0xba, 0xb0, 0x7f,
   863  					0xe5, 0x74, 0x52, 0x3d, 0xfb, 0x42, 0x13, 0x9d, 0x68,
   864  					0xc3, 0xc5, 0xaf, 0xee, 0xe0, 0xbf, 0xe4, 0xcb, 0x79,
   865  					0x69, 0xcb, 0xf3, 0x82, 0xb8, 0x04, 0xd6, 0xe6, 0x13,
   866  					0x96, 0x14, 0x4e, 0x2d, 0x0e, 0x60, 0x74, 0x1f, 0x89,
   867  					0x93, 0xc3, 0x01, 0x4b, 0x58, 0xb9, 0xb1, 0x95, 0x7a,
   868  					0x8b, 0xab, 0xcd, 0x23, 0xaf, 0x85, 0x4f, 0x4c, 0x35,
   869  					0x6f, 0xb1, 0x66, 0x2a, 0xa7, 0x2b, 0xfc, 0xc7, 0xe5,
   870  					0x86, 0x55, 0x9d, 0xc4, 0x28, 0x0d, 0x16, 0x0c, 0x12,
   871  					0x67, 0x85, 0xa7, 0x23, 0xeb, 0xee, 0xbe, 0xff, 0x71,
   872  					0xf1, 0x15, 0x94, 0x44, 0x0a, 0xae, 0xf8, 0x7d, 0x10,
   873  					0x79, 0x3a, 0x87, 0x74, 0xa2, 0x39, 0xd4, 0xa0, 0x4c,
   874  					0x87, 0xfe, 0x14, 0x67, 0xb9, 0xda, 0xf8, 0x52, 0x08,
   875  					0xec, 0x6c, 0x72, 0x55, 0x79, 0x4a, 0x96, 0xcc, 0x29,
   876  					0x14, 0x2f, 0x9a, 0x8b, 0xd4, 0x18, 0xe3, 0xc1, 0xfd,
   877  					0x67, 0x34, 0x4b, 0x0c, 0xd0, 0x82, 0x9d, 0xf3, 0xb2,
   878  					0xbe, 0xc6, 0x02, 0x53, 0x19, 0x62, 0x93, 0xc6, 0xb3,
   879  					0x4d, 0x3f, 0x75, 0xd3, 0x2f, 0x21, 0x3d, 0xd4, 0x5c,
   880  					0x62, 0x73, 0xd5, 0x05, 0xad, 0xf4, 0xcc, 0xed, 0x10,
   881  					0x57, 0xcb, 0x75, 0x8f, 0xc2, 0x6a, 0xee, 0xfa, 0x44,
   882  					0x12, 0x55, 0xed, 0x4e, 0x64, 0xc1, 0x99, 0xee, 0x07,
   883  					0x5e, 0x7f, 0x16, 0x64, 0x61, 0x82, 0xfd, 0xb4, 0x64,
   884  					0x73, 0x9b, 0x68, 0xab, 0x5d, 0xaf, 0xf0, 0xe6, 0x3e,
   885  					0x95, 0x52, 0x01, 0x68, 0x24, 0xf0, 0x54, 0xbf, 0x4d,
   886  					0x3c, 0x8c, 0x90, 0xa9, 0x7b, 0xb6, 0xb6, 0x55, 0x32,
   887  					0x84, 0xeb, 0x42, 0x9f, 0xcc,
   888  				},
   889  			},
   890  		},
   891  	},
   892  }
   893  

View as plain text