// NewDecryptTest generates an RSA decryption test.
func NewDecryptTest(decrypter crypto.Decrypter) testapi.TestFunc {
ptxt := []byte("Test Plaintext")
r := rand.Reader
return func() (err error) {
var c, m []byte
if c, err = rsa.EncryptPKCS1v15(r, decrypter.Public().(*rsa.PublicKey), ptxt); err != nil {
return
}
if m, err = decrypter.Decrypt(r, c, &rsa.PKCS1v15DecryptOptions{}); err != nil {
return
}
if bytes.Compare(ptxt, m) != 0 {
return errors.New("rsa decrypt failed")
}
if m, err = decrypter.Decrypt(r, c, &rsa.PKCS1v15DecryptOptions{SessionKeyLen: len(ptxt)}); err != nil {
return
}
if bytes.Compare(ptxt, m) != 0 {
return errors.New("rsa decrypt failed")
}
if m, err = decrypter.Decrypt(r, c, &rsa.PKCS1v15DecryptOptions{SessionKeyLen: len(ptxt) + 1}); err != nil {
return
}
if bytes.Compare(ptxt, m) == 0 {
return errors.New("rsa decrypt suceeded despite incorrect SessionKeyLen")
}
return nil
}
}
