}
	if valid == 0 {
		return nil, ErrDecryption
	}
	return out[index:], nil
}

// DecryptPKCS1v15SessionKey decrypts a session key using RSA and the padding
// scheme from PKCS #1 v1.5. The random parameter is legacy and ignored, and it
// can be nil.
//
// DecryptPKCS1v15SessionKey returns an error if the ciphertext is the wrong
// length or if the ciphertext is greater than the public modulus. Otherwise, no

// avoid disclosing whether the received RSA message was well-formed
// (that is, whether the result of decrypting is a correctly padded
// message) because this leaks secret information.
// DecryptPKCS1v15SessionKey is designed for this situation and copies
// the decrypted, symmetric key (if well-formed) in constant-time over
// a buffer that contains a random key. Thus, if the RSA result isn't

		"FAIL",
	},
}

func TestEncryptPKCS1v15SessionKey(t *testing.T) {
	for i, test := range decryptPKCS1v15SessionKeyTests {
		key := []byte("FAIL")
		err := DecryptPKCS1v15SessionKey(nil, rsaPrivateKey, decodeBase64(test.in), key)
		if err != nil {
			t.Errorf("#%d error decrypting", i)
		}
		want := []byte(test.out)
		if !bytes.Equal(key, want) {

	}
	if err == nil {
		dec, err := DecryptPKCS1v15(nil, priv, enc)
		if err != nil {
			t.Errorf("DecryptPKCS1v15: %v", err)
		}
		err = DecryptPKCS1v15SessionKey(nil, priv, enc, make([]byte, 4))
		if err != nil {
			t.Errorf("DecryptPKCS1v15SessionKey: %v", err)
		}
		if !bytes.Equal(dec, msg) {
			t.Errorf("got:%x want:%x (%+v)", dec, msg, priv)
		}
	}

	label := []byte("label")

	case *PKCS1v15DecryptOptions:
		if l := opts.SessionKeyLen; l > 0 {
			plaintext = make([]byte, l)
			if _, err := io.ReadFull(rand, plaintext); err != nil {
				return nil, err
			}
			if err := DecryptPKCS1v15SessionKey(rand, priv, ciphertext, plaintext); err != nil {
				return nil, err
			}
			return plaintext, nil
		} else {
			return DecryptPKCS1v15(rand, priv, ciphertext)
		}

	default:

		{"CRTValue", Type, 0},
		{"CRTValue.Coeff", Field, 0},
		{"CRTValue.Exp", Field, 0},
		{"CRTValue.R", Field, 0},
		{"DecryptOAEP", Func, 0},
		{"DecryptPKCS1v15", Func, 0},
		{"DecryptPKCS1v15SessionKey", Func, 0},
		{"EncryptOAEP", Func, 0},
		{"EncryptPKCS1v15", Func, 0},
		{"ErrDecryption", Var, 0},
		{"ErrMessageTooLong", Var, 0},
		{"ErrVerification", Var, 0},
		{"GenerateKey", Func, 0},

pkg crypto/rsa, func DecryptOAEP(hash.Hash, io.Reader, *PrivateKey, []uint8, []uint8) ([]uint8, error)
pkg crypto/rsa, func DecryptPKCS1v15(io.Reader, *PrivateKey, []uint8) ([]uint8, error)
pkg crypto/rsa, func DecryptPKCS1v15SessionKey(io.Reader, *PrivateKey, []uint8, []uint8) error
pkg crypto/rsa, func EncryptOAEP(hash.Hash, io.Reader, *PublicKey, []uint8, []uint8) ([]uint8, error)