// NewDecryptTest generates an RSA decryption test. func NewDecryptTest(decrypter crypto.Decrypter) testapi.TestFunc { ptxt := []byte("Test Plaintext") r := rand.Reader return func() (err error) { var c, m []byte if c, err = rsa.EncryptPKCS1v15(r, decrypter.Public().(*rsa.PublicKey), ptxt); err != nil { return } if m, err = decrypter.Decrypt(r, c, &rsa.PKCS1v15DecryptOptions{}); err != nil { return } if bytes.Compare(ptxt, m) != 0 { return errors.New("rsa decrypt failed") } if m, err = decrypter.Decrypt(r, c, &rsa.PKCS1v15DecryptOptions{SessionKeyLen: len(ptxt)}); err != nil { return } if bytes.Compare(ptxt, m) != 0 { return errors.New("rsa decrypt failed") } if m, err = decrypter.Decrypt(r, c, &rsa.PKCS1v15DecryptOptions{SessionKeyLen: len(ptxt) + 1}); err != nil { return } if bytes.Compare(ptxt, m) == 0 { return errors.New("rsa decrypt suceeded despite incorrect SessionKeyLen") } return nil } }