b04d6e6720
Remove SHA1 for certs in prep for Go 1.18 * Remove certs with SHA1 from tests * Use default SHA-256 with PKCS7 in AWS * Update SHA1 deprecation note Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
102 lines
2.5 KiB
Go
102 lines
2.5 KiB
Go
package pkcs7
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/x509"
|
|
"testing"
|
|
)
|
|
|
|
func TestEncrypt(t *testing.T) {
|
|
modes := []int{
|
|
EncryptionAlgorithmDESCBC,
|
|
EncryptionAlgorithmAES128CBC,
|
|
EncryptionAlgorithmAES256CBC,
|
|
EncryptionAlgorithmAES128GCM,
|
|
EncryptionAlgorithmAES256GCM,
|
|
}
|
|
sigalgs := []x509.SignatureAlgorithm{
|
|
x509.SHA256WithRSA,
|
|
x509.SHA512WithRSA,
|
|
}
|
|
for _, mode := range modes {
|
|
for _, sigalg := range sigalgs {
|
|
ContentEncryptionAlgorithm = mode
|
|
|
|
plaintext := []byte("Hello Secret World!")
|
|
cert, err := createTestCertificate(sigalg)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
encrypted, err := Encrypt(plaintext, []*x509.Certificate{cert.Certificate})
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
p7, err := Parse(encrypted)
|
|
if err != nil {
|
|
t.Fatalf("cannot Parse encrypted result: %s", err)
|
|
}
|
|
result, err := p7.Decrypt(cert.Certificate, *cert.PrivateKey)
|
|
if err != nil {
|
|
t.Fatalf("cannot Decrypt encrypted result: %s", err)
|
|
}
|
|
if !bytes.Equal(plaintext, result) {
|
|
t.Errorf("encrypted data does not match plaintext:\n\tExpected: %s\n\tActual: %s", plaintext, result)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestEncryptUsingPSK(t *testing.T) {
|
|
modes := []int{
|
|
EncryptionAlgorithmDESCBC,
|
|
EncryptionAlgorithmAES128GCM,
|
|
}
|
|
|
|
for _, mode := range modes {
|
|
ContentEncryptionAlgorithm = mode
|
|
plaintext := []byte("Hello Secret World!")
|
|
var key []byte
|
|
|
|
switch mode {
|
|
case EncryptionAlgorithmDESCBC:
|
|
key = []byte("64BitKey")
|
|
case EncryptionAlgorithmAES128GCM:
|
|
key = []byte("128BitKey4AESGCM")
|
|
}
|
|
ciphertext, err := EncryptUsingPSK(plaintext, key)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
p7, _ := Parse(ciphertext)
|
|
result, err := p7.DecryptUsingPSK(key)
|
|
if err != nil {
|
|
t.Fatalf("cannot Decrypt encrypted result: %s", err)
|
|
}
|
|
if !bytes.Equal(plaintext, result) {
|
|
t.Errorf("encrypted data does not match plaintext:\n\tExpected: %s\n\tActual: %s", plaintext, result)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestPad(t *testing.T) {
|
|
tests := []struct {
|
|
Original []byte
|
|
Expected []byte
|
|
BlockSize int
|
|
}{
|
|
{[]byte{0x1, 0x2, 0x3, 0x10}, []byte{0x1, 0x2, 0x3, 0x10, 0x4, 0x4, 0x4, 0x4}, 8},
|
|
{[]byte{0x1, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0}, []byte{0x1, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x8, 0x8, 0x8, 0x8, 0x8, 0x8, 0x8}, 8},
|
|
}
|
|
for _, test := range tests {
|
|
padded, err := pad(test.Original, test.BlockSize)
|
|
if err != nil {
|
|
t.Errorf("pad encountered error: %s", err)
|
|
continue
|
|
}
|
|
if !bytes.Equal(test.Expected, padded) {
|
|
t.Errorf("pad results mismatch:\n\tExpected: %X\n\tActual: %X", test.Expected, padded)
|
|
}
|
|
}
|
|
}
|